As Nation state cyber-attacks become more prevalent, more insurance writers are starting to view the risk exposure as a significant threat. Lloyds of London expressed that starting March 2023, all policies will be excluding nation state cyber-attacks and cyber-attacks that may happen during a war event. Additionally, these policies are said to at least exclude losses due to an event that effects a state’s function and security capabilities.
Systemic events from nation state attacks are difficult to manage from a claims perspective, as well as from a language perspective. The current cybercrime market has evolved to a point where it is difficult to differentiate cyber criminals from nation state cyber threat actors due to the increase of resources available to conduct attacks such as toolkits and zero-day vulnerability exploits. The sophistication and commoditization of attacks have given the ability to nation state groups to hide their identities during an attack which is makes it difficult for insurers to attribute attacks to a nation state group.
A similarly difficult task is to determine the level of severity that would trigger such an exclusion. The introduction of this language is not intended to deny nation state non catastrophic cyber claims. Instead, their intent is to avoid insolvency caused by losses from a catastrophic warlike cyber event. Additional language evolution is to be expected in the upcoming months from the market to address the growing concern of nation state threats.
Sources:
https://www.theregister.com/2022/08/24/lloyds_cybersecurity_insurance/
About the Author:
Doug Kreitzberg– Founder & CEO of SeedPod Cyber
As CEO of USI Affinity and Programs (2004-2018), Doug led affinity business development, marketing and program businesses, including professional liability, commercial property & casualty, personal lines and life and disability Programs. In 2018, Doug founded a cybersecurity and data privacy risk consulting firm. It was through his consulting practice that he learned the value that Managed Service Providers bring to small and medium sized businesses. That insight formed the basis for SeedPod Cyber, a cyber insurance managing general agency Kreitzberg founded in 2021 which partners with Managed Service Providers to provide cyber insurance to their clients.
