Nigel Hanbury, CEO of Helios Underwriting and Board member of Association of Lloyd’s Members, has said it will be a case of “suck it and see” when it comes to the new exclusions for state-backed cyber attacks recently laid out by Lloyd’s.
In a public statement, the Lloyd’s investment and underwriting vehicle boss acknowledged that the exclusions – announced last month – seem “eminently sensible” in theory.
“Exclusions for acts of war are already typical for ‘real world’ insurance coverage, and state backed cyber attacks can be seen as an attack on another state’s critical infrastructure – a war in all but name,” Hanbury explained.
However, he added that, in practice, Lloyd’s underwriters could face “murky waters” in cases where the actors behind an attack are not explicitly backed by a state, but could be linked in other ways.
For instance, Hanbury suggests that some attacks will be viewed as having the covert backing of a state, even if they are not openly funded or organised by government agencies.
“I think that underwriters have done their best to provide guidance on this in the policy language of their exclusions, but it may prove to be difficult to parse out the links that potential cyber attackers may have to state-adjacent organisations,” he continued.
“I think it will be a case of ‘suck it and see’ – only time will tell as to whether the exclusions bring sufficient clarity, or whether policy wording will need to evolve further.”
The new requirements for cyber exclusions at Lloyd’s will take effect from 31 March 2023 at the inception or on the renewal of each policy.
Leaders at the insurance and reinsurance marketplace affirmed that they remain strongly supportive of the writing of cyber-attack cover but warned that cyber-related business continues to be an evolving risk, and, if not managed properly, they say it has the potential to expose the market to systemic risks that syndicates could struggle to manage.
Exposure to cyber-attack losses has been an area of market focus in circumstances where the losses arise from attacks sponsored by sovereign states.
Lloyd’s says it is important that they have the confidence that syndicates are managing their exposure liabilities from war and state-backed cyber-attacks. Robust wordings also provide the parties with clarity of cover, which means that risks can be properly priced and reduces the risk of disputes, analysts say.
With cyber attacks continuing to become more common with each passing year, and the demand for insurance cover rising ever higher, Hanbury believes the debate around cyber insurance will “run and run” as the market tries to gain a firmer grasp on this relatively new area of risk.