Lloyd’s of London says state-backed cyberattack policy is ‘responsible’
Lloyd’s of London has defended plans to stop providing insurance coverage for state-backed cyberattacks.
In an interview with the Financial Times, Lloyd’s chief of markets Patrick Tiernan said the insurance marketplace is “being responsible” by taking a cautious approach.
In a note last month, Lloyd’s explained that the potential for state-backed cyberattacks to spread could create losses that “greatly exceed what the insurance marketplace is able to absorb”.
Tiernan noted that cyber insurance policies are still in their “infancy” as he claimed that offering coverage for state-backed attacks would force insurers to hold greater sums of capital, to protect themselves against bankruptcy.
Aaron Le Marquer, a partner at law firm Stewarts, warned the terms of Lloyd’s exclusion could see insurers refuse to pay out, due to a lack of clarity around what is meant by the term ‘by or on behalf of a state’.
He explained that the exclusion clause lets insurers refuse to pay out to policyholders, pending investigation, with no time limit on when an investigation should be completed.
Le Marquer noted that it is often hard to determine whether hackers are state-backed or not, due to the nature of cyberattacks.
“I would be very wary of paying for a policy containing any of these exclusions,” Le Marquer said, as he argued policyholders may increasingly begin securing policies from insurers outside the Lloyd’s market.
A Lloyd’s of London spokesperson said: “Cyber remains a priority area for Lloyd’s and we will continue to take a pragmatic and innovative approach to supporting the growth of cyber at Lloyd’s.”
The policy “ensures we are managing risk responsibly on behalf of customers – including potentially systemic risks – while approaching this complex field with the expertise and diligence it requires,” the Lloyd’s spokesperson said.