The Lloyd’s Market Association (LMA) has updated and replaced a number of its cyber war clauses related to the involvement of states and sovereign actors in cyber attacks and other operations.
In particular, the LMA has focused the updates around the use of the term ‘sovereign state’ and how it would operation in certain exclusions.
The update splits each clause into an ‘A’ and ‘B’ version, with the latter excluding any agreement as to how a cyber operation is attributed to a state in order to determine whether an exclusion operates.
It comes in response to a Lloyd’s request that the attribution be dealt with in the exclusion clause itself.
Lloyd’s does however state that alternative approaches will be considered and where the requirements are not met, they will be considered on a case by case basis.
Lloyd’s has also confirmed to the LMA that clauses which do not reference attribution will be considered by them so long as there is a mechanism for dealing with resolving questions of attribution in the policy or a robust reason can be given for why it is not required.
The Association specified that the clauses have not been drafted to exclude losses arising from a cyber operation undertaken by a state which causes major detrimental impact to another part of the same state, unless those cyber operations occur as part of an armed conflict (or the immediate preparation for armed conflict).
Instead, where there is the potential for disputes over sovereignty, the LMA advises underwriters to seek legal council and consider whether additional clarity is required.
Likewise, the LMA clarified that its model clauses are published only for the guidance of Lloyd’s participants, and maintained that it is for underwriters to decide whether or not any contractual language is acceptable on any given risk.
