Dec 2, 2021

Lloyd’s Carves Out Cyber-Insurance Exclusions for State-Sponsored Attacks

The insurer won’t pay for ‘acts of cyber-war’ or nation-state retaliation attacks.   
Fallout from nation-state-sponsored cyberattacks will no longer be covered under cyber-insurance policies issued by famed insurer Lloyd’s of London.
The insurance juggernaut’s underwriting director Patrick Davidson just released four new Cyber War and Cyber Operation Exclusion Clauses, outlining the new terms.
The company explained it will no longer cover losses resulting from “cyber-war,” which it defined as a cyber-operation carried out as part of a war, any retaliatory attacks between specified states, or a cyber-operation “that has a major detrimental impact on the functioning of a state.”

Countries specified in the exemption language are China, France, Japan, Russia, the U.K. and the U.S.
The insurer’s new definition of cyber-war leaves plenty of latitude for the insurer to refuse to pay.
Under the Lloyd’s of London explanation, the insurer can also refuse to pay on nation-state-sponsored attacks on services essential for a state to function, such as financial institutions, financial market infrastructure, health services and utilities, according to the exclusion documents.
“In discussion with Lloyd’s it has been agreed that, in respect of standalone cyber-insurance policies, these clauses meet the requirements set out in the Performance Management — Supplemental Requirements & Guidance (July 2020) which state that all insurance and reinsurance policies written at Lloyd’s must, except in very limited circumstances, contain a clause which excludes all losses caused by war,” Davidson said.
Further, the attack doesn’t need official attribution to be excluded from the cyber-insurance policy. The exclusion documents outlined that pending any government attribution, the insurer can decide through “inference which is objectively reasonable” to attribute cyberattacks to state activities.
It added that it can also decide whether the attack is exempt from coverage without government attribution in the event the decision takes “an unreasonable amount of time, does not, or is unable to attribute the cyber-operation to another state or those acting on its behalf.”
This narrowing of coverage is in response to evolving threats, increased risk and a 95-percent increase in demand during the third quarter, according to Chris Reese, head of insurance at Cowbell Cyber.
“Cyber-coverage delivers financial protection and incident-response expertise to assist businesses in returning to normal operations after an incident,” she told Threatpost. “In parallel, cyber-insurance is in transition. Insurers need to overhaul their underwriting strategies to account for the unique nature of cyber-risk – evolving threats, rapidly expanding exposures because of digitization, complexity of IT infrastructure – to avoid any disconnect with the risk they commit to cover. Technology, data and automation have become core to modern underwriting for cyber.”
Debates over the best response to an attack generally include a close look at the calculus of relying on cyber-insurance to just pay up for a ransomware hit so the company can move on to recovery. But if insurers continue to narrow their scope of coverage, that investment could shift.
In fact, researchers from Fox-IT, part of NCC Group, just released data showing that, whether or not a company carries cyber-insurance, attackers have already calculated how much the company can afford to pay in ransom, which potentially attracts them to organizations with policies in order to achieve higher payouts.
“The results show that the adversaries operating behind the dataset we collected knew how much ransom a victim is willing to pay before the negotiation had started,” the Fox-IT analysts explained.