Caute_cautim
Community Champion

Lloyds of England back out of Cyber Insurance

Hi All

 

Lloyds of England pull out of Cyber Insurance!!

 

"Lloyds of London has announced that from 2023 all of its insurer groups will have to exclude “catastrophic” state backed attacks from their cyber insurance policies. Lloyds is an insurance marketplace where over 70 syndicates of underwriters operate to provide insurance for businesses and individuals.

In the market bulletin put out by Lloyds they note that Lloyds remains “strongly supportive of writing cyber-attack cover” but goes on to express concern over the difficulty of managing exposure to such risks. In particular they note “the ability of hostile actors to easily disseminate an attack, the ability of the harmful code to spread” along with the critical dependency society has on IT."

 

https://red-goat.com/lloyds-of-london-exclude-nation-backed-cyberattacks-from-insurance/

 

Regards

 

Caute_Cautim

2 Replies
tmekelburg1
Community Champion

The WSJ article I read on this had a good example of how this could affect your business.

 

"Insurers have been exploring ways to tighten the language in their policies, particularly after a New Jersey judge last year ruled in favor of Merck & Co. deciding it was entitled to payouts from its insurers after a 2017 cyberattack. Merck had been affected by the NotPetya virus, which it said ultimately cost $1.4 billion to recover from. The company’s property and casualty insurers initially denied the claims on the basis of war exclusions. In that case, the judge said Merck couldn’t reasonably be expected to know that war exclusions would apply to such an event, essentially declaring that a common acts-of-war exclusion doesn’t cover cyberattacks."

 

Lloyd’s to Exclude Catastrophic Nation-Backed Cyberattacks From Insurance Coverage - WSJ

ericgeater
Community Champion

I think insurance would be smart to embrace RMF or the SANS Top 20 frameworks as effective ways for their customers to create a functioning audit review of a company's infrastructure.

 

Or hell, insurance should get into the "value-add" business, make a list of check-off boxes and affidavits, and demand specific levels of accepted compliance for cybersecurity coverage.  This should be no different than an annual fire inspection on a sprinkler system -- especially if a company's sprinkler system is capable of spewing its dirty water all over the world within microseconds.

--
"A claim is as good as its veracity."