State-Based Cyberattacks to be Excluded from Lloyd’s of London Cyber Insurance Policies



As cyber insurers evolve their understanding of the cyber attack landscape, who’s responsible, and what’s at stake, Lloyd’s has taken a logical next step to better isolate what is covered and what isn’t.

It’s inevitable; cyber insurers can’t just blindly cover every kind of cyberattack and pay out every time one happens – there are too many to count, and oftentimes it’s the insured’s own employees that enabled an attack potentially covered by a cyber insurance policy.

A new market bulletin put out by Lloyd’s of London makes it clear that very specific types of attacks – those that are essentially akin to cyber warfare – are not going to be covered.

“We are therefore requiring that all standalone cyber-attack policies…must include, unless agreed by Lloyd’s, a suitable clause excluding liability for losses arising from any state backed cyber-attack.”

Some of the requirements around this exclusion include:

  • Losses arising from a war
  • Losses arising from state backed cyber-attacks “that (a) significantly impair the ability of a state to function or (b) that significantly impair the security capabilities of a state.”

It also mentions that coverage with such an exclusion must:

  • Specify whether computer systems outside an affected state (presumably within the context of the requirements above) are excluded or not
  • Provide an agreement between Lloyd’s and the insured as to “how any state backed cyber attack will be attributed to one or more states”

This makes having a strong protective cyber stance all the more important, one that includes Security Awareness Training as part of a layered defense to prevent cyber attacks from ever gaining entrance to a victim network and wreaking havoc, state actor or not.

