My good friend Judy Greenwald reported for BusinessInsurance.com that “Lloyd’s of London will require standalone cyber policies to include state-backed cyberattack exclusions beginning in March 2023, it said in a market bulletin this week.” The August 18, 2022 article entitled “Lloyd’s requiring state-backed cyberattack exclusions” included these comments from my friend Judy Shelby (partner with Kennedys Law LLP in New York):
…”the big takeaway” here is that “there’s been a lot of focus over the last few months particularly with regard to cyber war, and the bulletin makes clear that the focus should be on state-backed attacks, whether in the context of war, or non-war situations.”
Also the article included comments that “Lloyd’s said in Tuesday’s bulletin that in addition to any war exclusion, new or renewed standalone cyber policies should”:
-
Exclude losses arising from a war, whether declared or not where the policies do not have a separate war exclusion;
-
Be clear as to whether the cover excludes computer systems that are located outside any state affected by the state-backed cyberattack;
-
Subject to the former requirement, exclude losses arising from state cyberattacks that significantly impair a state’s ability to function or its security liabilities.
-
Set out on a “robust” basis the parties’ agreement;
-
Ensure all key terms are clearly defined.
How does this impact you?