Lloyd’s of London has announced that its insurance policies will no longer cover losses resulting from certain nation-state cyber attacks or acts of war.
This could be soon followed by other insurers. In fact a similar stand was taken by Zurich American that had insured Mondolez in 2019.
Cyber Insurers are grappling with the risk of these cyber threats become more widespread, and having bigger impact, as such the policies could “expose the market to systemic risks that syndicates could struggle to manage”.
The current war between Russia and Ukraine, is a case in point.
Given the scale of these attacks, Lloyd’s said that policies that don’t already have a war exclusion must not cover – at a minimum – losses arising from war, whether one has been declared or not.
Policies must also exclude nation-state cyber attacks that “significantly impair the ability of a state to function or that significantly impair the security capabilities of a state”.
These changes will take effect from 31 March 2023, and will become binding at the inception or renewal of each policy.
But the bigger question here being about Attribution!
It has been difficult and will remain so in the near future, how will the cyber insurance industry grapple with this?
Would love to hear from my connects in the IH & DF domain.
#cyber #cyberwars #attribution #cyberincident #cyberinsurance #actofwar #Security #risktransfer #incidenthandling #digitalforensics
Information Security As I See It 
Interesting news related to the domain
https://therecord.media/in-an-industry-first-insurance-firm-announces-cyber-bond-to-cover-claims-over-300-million/?utm_campaign=cyber-daily&utm_medium=email&_hsmi=241230291&_hsenc=p2ANqtz–WkM7AxSIeuDCL3nCZV_Ju5wNQN-sjIHGE4kA4KZgs0LKM2_RpXUPvdhkWMsAdMTC2EAfQxi3BnB6wzYypUvfQ9IWCkw&utm_content=241230291&utm_source=hs_email