Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Lloyd’s of London: Insurers Should Not Cover ‘Retaliatory Cyber Operations’ Between Nation States

December 2, 2021

The Register reported on November 30^th that Lloyd’s of London may no longer extend insurance coverage to companies affected by acts of war. New clauses drafted for providers of cyberinsurance are raising the alarm for organizations impacted by nation state-backed attacks.

The insurer’s “Cyber War and Cyber Operation Exclusion Clauses” include an alarming line suggesting policies should not cover “retaliatory cyber operations between any specified states” or cyber-attacks that have “a major detrimental impact on… the functioning of a state.”

“The insurer shall have the burden of proving that this exclusion applies,” according to the exclusion policies published by the Lloyd’s Market Association.

The four clauses are published as a suggestion for insurers in Lloyd’s-underwritten policies and are not concrete rules. Nonetheless, it seems likely that some insurers will follow these clauses.

According to the article, “The policy clauses also raise the idea of insurance companies attributing cyber-attacks to nation states in the absence of governments carrying out attribution for specific incidents, an idea that seems extremely unlikely to survive contact with reality.”

All four of the clauses contain this wording:

“Pending attribution by the government of the state (including its intelligence and security services) in which the computer system affected by the cyber operation is physically located, the insurer may rely upon an inference which is objectively reasonable as to attribution of the cyber operation to another state or those acting on its behalf. It is agreed that during this period no loss shall be paid.”

Nation state attacks are common. If they are excluded from cyberinsurance policies, I’m not at all sure what the policy is really worth. But if Lloyd’s of London is going down this road, it is likely that other cyberinsurers will as well.

Hat tip to Dave Ries.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225, Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson

Sharon D. Nelson, Esq.
President

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Ride the Lightning

Lloyd’s of London: Insurers Should Not Cover ‘Retaliatory Cyber Operations’ Between Nation States

Subscribe for More!

Recent Posts

Listen to the Podcast

Disclaimer