Security News > 2021 > November > Lloyd’s Carves Out Cyber-Insurance Exclusions for State-Sponsored Attacks

Fallout from nation-state sponsored cyberattacks will no longer be covered under cyber-insurance policies issued by famed insurer Lloyd's of London.

The insurance juggernaut's underwiring director Patrick Davidson just released four new Cyber War and Cyber Operation Exclusion Clauses, outlining the new terms.

The company explained it will no longer cover losses resulting from "Cyber-war," which it defined as a cyber-operation carried out as part of a war, any retaliatory attacks between specified states, or a cyber-operation "That has a major detrimental impact on the functioning of a state."

Under the Lloyd's of London explanation, they can also refuse to pay on nation-state-sponsored attacks on services essential for a state to function, like financial institutions, financial market infrastructure, health services and utilities, according to the exclusion documents.

"In discussion with Lloyd's it has been agreed that, in respect of standalone cyber-insurance policies, these clauses meet the requirements set out in the Performance Management - Supplemental Requirements & Guidance which state that all insurance and reinsurance policies written at Lloyd's must, except in very limited circumstances, contain a clause which excludes all losses caused by war," Davidson said.

The exclusion documents outlined that pending any government attribution, the insurer can decide through "Inference which is objectively reasonable" to attribute cyberattacks to state activities.

News URL

https://threatpost.com/lloyds-cyber-insurance-exclusions/176669/