Lloyd’s latest position on cyber raises fears of a “gray area”.

Read more: WTW reports on what’s happening in the cyber insurance market

“Cyberattack threats affecting government actors, however, have other issues that need to be considered,” Lloyd wrote in his August 16 market report.

“In particular, when writing cyberattack risks, underwriters should consider the possibility that state-sponsored threats may occur outside of a war related to power. The damage they can cause and their spread pose a similar risk to insurance.”

This is not the first time Lloyd has sought to close the cyber gap. From 2020, the market participants had to clearly state whether the policy involves cyber or not.

The latest changes come as regulators are already tightening the wording to exclude “exposed cyberattacks resulting from military and non-military, state-led attacks”, Lloyd’s said in a statement.

However, it added in the article that: “However, we want to make sure that all groups that write in this class do so at the right level, with strong words.”

If the changes take effect from March 31, sources say it is likely that others in the global insurance market will follow suit.

They also warned of a “grey area”, where it would be difficult to determine whether the attack was state-led or not, and the possible prosecutions that would follow.

“Every time a new release or a new language is launched, especially when you talk about losses such as cyber threats that are very difficult and happening. I think that when they first come out, there can be many cases, on what the release means, how they are used,” said Cindy Jordano, a partner at Cohen Ziffer Frenchman & McKenna, lives in New York.

Jordano predicted that other insurers “will follow suit”, although others “may be opportunistic and see it as a place to provide services where Lloyd’s is lacking.”

Insurers can face difficulties in proving that the discount applies “unquestionably in every case”.

“It’s going to be difficult to do this to force people to not be removed, because a lot of these cyberattacks are done in secret, they’re done anonymously, and you’re not going to have a government that’s going to come out and admit that they’re responsible,” he said. Jordan said.

In the UK, John Pennick, chairman of the online watchdog group of the British Insurance Brokers’ Association, warned of many concerns for advertisers as a result of the change, including reputation.

“If it’s left to a business affected by ransomware to try to deal with the problem on its own, then the business is doomed,” Pennick warned. “Or if the insurers decide, it’s not military and they think it’s covered, it might be too late.”

Although some of the staff raised noise about the change, for Chris Gissing, business development representative at Arete Response, the purpose of the move is “big”.

“They have come to reaffirm their support for cyber insurance is the best in the industry as a whole, and Lloyd’s is working to address cyber ransom incidents – one of the biggest challenges in the industry,” Gissing. he said.

“In general, the market has already started to take steps to reduce the exposure of ransomware threats, and other cyberattacks, through a strict approach to document management – now it is impossible to find information without MFA requirements or conditions or limits of ransomware cover. , as examples.”

Read more: BTIS, At-Bay’s partner to establish a cyber insurance market

The real challenge, Gissing established, will be identifying whether the attack is state-sponsored.

“The anonymity of the Internet makes it difficult to say whether a country or a terrorist group is launching a bold attack,” he said. “It doesn’t matter whether the criminal organizations that can be supported by the government, are sympathetic to the government or the exterminators.”

“The exception could lead to a serious debate about reimbursement for policyholders without a clear, uniform process for detecting a ‘state-sponsored cyberattack,'” Gissing added.

An employee at a cyber security firm said he hopes the change will drive greater collaboration and sharing of privacy in the community.

“It’s going to take a whole community to win this fight,” Gissing said.

Eighty-six percent of respondents in a recent survey believed they were dealing with a cyberattack by a national agency, and the lines between state and non-state terrorism continue to “blur”, the report said. it found.

Trellix and the US Center for Strategic and International Studies surveyed 800 security decision makers from the US, UK, Germany, France, Japan, India and Australia between November and December 2021.

Different countries pursue different cyber goals, the report said, with Russia, China, and Iran having political, military, and industrial goals. Cyber ​​criminals​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​front-level-related in North Korea in 2021, according to Chainalysis.

The estimated cost to organizations affected by a government-sponsored threat is more than $1 million per threat and approximately $1.6 million per incident, according to Christiaan Beek, chief scientist and chief engineer, Trellix Threat Labs.

“We found that 63% of IT decision makers are very confident in their ability to differentiate between types of events,” Beek said.

“When organizations have cybersecurity measures in place to deal with incidents on behalf of their customers, they have greater confidence in distinguishing between government-sponsored and other cyber incidents.”