A recent order by Lloyd’s of London that major market firms will stop selling insurance because of a government-sponsored coup has prompted other insurers around the world to withdraw coverage in the fast-growing business.
Lloyd’s, the world’s largest insurance market, earlier this month he asked all online insurers that are selling through its platform to rewrite their policies, starting from March 2023, to indicate that they will stop selling cyber-attack services that are supported by government agencies.
The announcement will force Lloyd’s insurers to make their products more competitive and reduce the spread of cyberattacks. It could also encourage carriers outside of the Lloyd’s market to avoid citing serious cyber threats, at a time when the Russia-Ukraine war has heightened insurance concerns. many hacks.
“It’s very different for the cyber insurance industry. And it will give consumers a first step into using Lloyd’s of London,” said Stephanie Frenier, vice president of insurance CAC Specialty.
Insurance giants such as AIG, Chubb, and Liberty Mutual are exempt from the requirement because their business is diversified into commercial and retail markets. But their insurance products sold on the Lloyd’s market must obey its rules.
Almost all major insurers, including Berkshire Hathaway, CNA Financial, Much Re, Fairfax Financial, and Travelers, sell products through the Lloyd’s insurance market, according to AM Best, the world’s largest insurance agency.
Lloyd’s is telling major insurers “we don’t have control over you. But we do have control over your organizations here at Lloyd’s,” said Celso De Azevedo, cyber insurance lawyer at Enterprise Chambers.
Lloyd’s is based in London, but most American policyholders buy insurance through US insurers who trade on Lloyd’s market as its “syndicates”. More than 40% of Lloyd’s international revenue comes from US customers, according to Lloyd’s website.
Cyberattack insurance is in high demand among corporate clients. The top 20 US insurers will spend more than $3.9 billion in cybersecurity directly in 2021, according to AM Best data. Standalone cyber wages will jump 95% in 2021, it said.
State-sponsored terrorism often occurs during international conflicts. And insurance companies have contract policies that do not include protection against war risks.
But Lloyd’s new requirement is “tougher” for policyholders than what’s currently in the market, Frenier said.
Some market watchers see the change as a way for Lloyd’s to better define the nascent cyber insurance market, which lacks uniformity in rules and exclusions. Cyber insurers have experienced a 300% increase in losses since 2018, according to Fitch Ratings.
A court in New Jersey ruled last year that Chubb’s group cannot deny that Merck & Co lost $1.4 billion from NotPetya, a 2017 malware attack that the US blamed on Russia. (The Kremlin called the lawsuit “baseless.”) The court ruled that Chubb was responsible removed from the war they only prohibit physical warfare, not electronic warfare.
Although Merck sought coverage from property insurers, the decision put all insurers, especially cyber carriers, on alert about the clarity of their language.
Lloyd’s changes are not the first time they have reduced cyber insurance coverage. Last November, that printed information to its insurers to exclude four areas related to cyberattacks. The change helped to solve the problem of Lloyd’s insurance-market to ensure that a cyberattack was supported by the government before the implementation of the military withdrawal.
Insurers can also determine that a country was involved when the victim’s national government will sue another country, even if the country being blamed denies it, Lloyd’s said.
Apart from this it could indicate that “the moment, for example, when the White House says that it was the Russians or other threats, that’s it,” De Azevedo said. “It’s proven that he was that kind of player.”
If the victim’s country takes a “long time” or cannot point to another country, then the insurer can decide whether the cyberattack is state-sponsored and exclude coverage for such cases, Lloyd’s said in November.
However, insurers haven’t been very responsive to Lloyd’s changes in excluding war claims this year, Frenier said.
Now, Lloyd’s is asking insurers to comply with its demands by November or file a government-sponsored breach of contract that meets its requirements.
Lloyd’s new plan could lead to more lawsuits because of the uncertainty, said Andrea DeField, a partner at Hunton Andrews Kurth.
Loyd’s changes still leave many questions unanswered, industry executives say.
The secrecy of cyber activity makes it difficult for criminals to track them down, said Judith Selby, who represents insurers at Kennedys Law.
National governments no longer publicly say that another country has hacked and are “taking things too seriously” to avoid political pressure to answer, said Peter A. Halprin, a partner at Pasich LLP.
Will Insurers Comply?
Scott Godes, a partner at Barnes Thornburg, said online insurers “would be wise to avoid Lloyd’s drop” if they want to retain and grow the company’s customer base.
Some U.S. insurers are developing isolation measures to deal with cyber risks, Frenier said.
Beazley recently revealed the military and the failure of infrastructure plans to prevent the spread of dangerous events. In addition, Chubb, the largest US cyber insurer, proposed a widespread cyber plan last November that charges different premiums on top of a cyber policy.
Many cyber carriers won’t add that because they want to grow the business, Frenier said. They can take advantage of certain insurance restrictions to charge higher premiums and coverage, he added.
However, insurers with a large presence in the US, including Chubb, Fairfax Financial, Tokio Marine, Travelers and Beazley, do not hesitate to reduce coverage to avoid large losses, Manyem said.
“Any advice coming from an organization like Lloyds will make insurance companies look at what they are doing,” Manyem said.