Lloyd’s requiring state-backed cyberattack exclusionsPosted On: Aug. 18, 2022 1:39 PM CST
Lloyd’s of London will require standalone cyber policies to include state-backed cyberattack exclusions beginning in March 2023, it said in a market bulletin this week.
Lloyd’s said in Tuesday’s bulletin that in addition to any war exclusion, new or renewed standalone cyber policies should:
- Exclude losses arising from a war, whether declared or not where the policies do not have a separate war exclusion;
- Be clear as to whether the cover excludes computer systems that are located outside any state affected by the state-backed cyberattack;
- Subject to the former requirement, exclude losses arising from state cyberattacks that significantly impair a state’s ability to function or its security liabilities.
- Set out on a “robust” basis the parties’ agreement;
- Ensure all key terms are clearly defined.
The bulletin says managing agents “will be expected to demonstrate that the clauses they will be adopting” meet these requirements.
It states that “We recognize that many managing agents in the market are already including clauses in their policies specifically tailored to exclude cyber-attack exposure arising both from war and non-war, state-backed cyber-attacks.”
“We wish to ensure, however, that all syndicates writing in this class are doing so at an appropriate standard with robust wordings,” it said, adding that wordings should be legally reviewed.
The bulletin states also that the Lloyd’s Market Association “has already undertaken an extensive exercise in producing suitable model clauses addressing state-backed cyberattacks.”
Lloyd’s said late last year that it had decided to stop covering losses related to state-sponsored cyberattacks as part of its newly issued cyber war and cyber operation exclusion clauses.
Judy Selby, a partner with Kennedys Law LLP in New York, said, “the big takeaway” here is that “there’s been a lot of focus over the last few months particularly with regard to cyber war, and the bulletin makes clear that the focus should be on state-backed attacks, whether in the context of war, or non-war situations.”