Lloyd’s excluding nation-state cyber attacks from Cyber Insurance


Lloyd’s London, one of the largest insurance services providers in the world, has disclosed that it is making amendments to its cyber insurance laws that will come into effect from March 2023. And as per the latest, all risks emerging from cyber attacks that are funded by nations will be excluded from the cyber insurance policies and the new rule will apply to all the new policies and the about-to-be renewed ones.

Lloyd’s decision came after reviewing the consequences of the ongoing digital war between Russia and Ukraine. It also added in its latest update that such threats are causing systemic risks to the entire insurance market and, to mitigate the risks, it has excluded state-sponsored cyber attacks from its coverage policy.

All insurance companies exclude the risks inferred from war like situations. And so does Lloyd that sent a memo to the company’s 75 insurance syndicates.

It’s obvious and expected to say some veterans of the security industry. Frederick Pennington, who led a multinational technology firm, as a CTO, till the year 2020 felt that companies are becoming gingerly in what to cover and what not; for the risks associated with the cyber attacks.

During a recently held RSA Conference, Rob Joyce, the director of NSA, also stated that same in one of his tweet that was too sarcastic.

Rob concluded that insurance companies will find it tough to alienate attacks that are state funded and those that are launched by individuals.

Usually, such threats are figured out with the level of sophistication with which they are launched. However, most threat groups such as the ones spreading ransomware are becoming sophisticated that it’s becoming hard to predict whether they are launched by advanced Persistent Threat(APT) groups.

NOTE- Attribution of attacks to nations is hard to prove and will never stand in a court of law. So, such amendments might pave the way for challenges from customers, especially from those whose renewal is pending.


Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display