Lloyd’s of London tells insurers to halt covering state-backed cyberattacks
Lloyd’s of London has said its insurers will be required to stop covering state-backed cyberattacks in their standard cyber insurance policies.
The centuries-old insurance marketplace told its underwriters to make exclusions for cyberattacks launched by governments and state actors, over concerns such attacks could expose the market to unmanageable losses.
“If not managed properly [a state-backed cyberattack] has the potential to expose the market to systemic risks that syndicates could struggle to manage,” Lloyd’s said in a market bulletin.
The insurer warned that a large-scale cyber attack launched by a foreign power could expose underwriters to systemic risks, due to the damage such attacks can cause and their ability to spread on a widespread basis.
The London insurance marketplace warned the risk is heightened by the world’s heavy reliance on digital infrastructure as it said the losses could go far beyond the market’s capacity.
“In particular, the ability of hostile actors to easily disseminate an attack, the ability for harmful code to spread, and the critical dependency that societies have on their IT infrastructure, including to operate physical assets, means that losses have the potential to greatly exceed what the insurance market is able to absorb,” the insurance marketplace said.
The new policy comes amid warnings the world could see a major uptick in cyberattacks due to the war in Ukraine and an increased threat from Russian hackers.
Lloyd’s said standalone cyber-attack policies must include clauses excluding liability for losses arising from state-backed hacks, unless approved by Lloyd’s.
The marketplace said the new policy will come into effect in March 2023 or on renewal of each cyberattack policy.