Source: Lloyd's > Read more of this > here
Lloyd’s has told its syndicates that they must add cyber policy clauses that exclude state-backed cyberattacks linked to both physical and non-physical conflict
Requirement for exclusions in standalone cyber-attack policies
It is important that Lloyd’s can have confidence that syndicates are managing their exposures to liabilities arising from war and state backed cyber-attacks. Robust wordings also provide the parties with clarity of cover, means that risks can be properly priced and reduces the risk of disputes.
We are therefore requiring that all standalone cyber-attack policies falling within risk codes CY and CZ must include, unless agreed by Lloyd’s, a suitable clause excluding liability for losses arising from any state backed cyber-attack in accordance with the requirements set out below. This clause must be in addition to any war exclusion (which can form part of the same clause or be separate to it). At a minimum, the state backed cyber-attack exclusion must:
exclude losses arising from a war (whether declared or not), where the policy does not have a separate war exclusion.
(subject to 3) exclude losses arising from state backed cyber-attacks that
(a) significantly impair the ability of a state to function or (b) that significantly impair the security capabilities of a state.
be clear as to whether cover excludes computer systems that are located outside any state which is affected in the manner outlined in 2(a) & (b) above, by the state backed cyber-attack.
set out a robust basis by which the parties agree on how any state backed cyber- attack will be attributed to one or more states.
ensure all key terms are clearly defined.