Lloyds not paying cyber claims, had us asking questions.
Last week, Lloyds of London released a bulletin saying they would no longer pay for ‘acts of cyber-war or nation-state retaliation attacks’. Immediately there was a “firestorm of concern” from tech experts. So, we took it to our resident insurance market expert and Chief Revenue Officer, Shawn Melito, to get his take. This is what he had to say:
Clarification of Cyber Insurance Policies
The general consensus around the new Lloyd’s language covering state-sponsored attacks is that this isn’t a death knell for cyber insurance. Most cyber policies already had a war exclusion. This attempts to standardize the definition and give the insurers more leeway in calling out state-sponsored attacks to reduce confusion and arguments when a claim arises – another move towards clarification as cyber insurance policies mature.
Over the last few years, ransomware and the number of claims have been increasing (see our blog post on the Corvus report for Q3 2021). The escalation has meant that many claims books have been well into the red. Insurers have been forced to look at their exposures. One major insurer recently announced a move towards a reduced coverage model for what they define as catastrophic events, and others will undoubtedly follow suit. Insurers cannot continue as-is, paying out claims at their rates for the premiums they charge – it just isn’t a sustainable model.
That all said, for those purchasing cyber insurance, there are two critical points to remember.
- The changes are only suggested language, Lloyd’s-based insurers can use them as they see fit.
- Lloyd’s isn’t the only place to purchase cyber insurance. Potential clients can work with their brokers to find more broadly worded policies elsewhere.
Those insurers willing to take on a broader definition of what constitutes a claim they will pay can potentially have a more significant market share.