Lloyd's to end insurance coverage for state cyber attacks

Lloyd's of London has instructed its members to exclude nation state cyber attacks from policies from 2023, saying they pose unacceptable levels of risk

Alex Scroxton


Published: 22 Aug 2022 9:26

Insurance market Lloyd's of London has indicated that it will move to require its insurance groups to exclude catastrophic nation state cyber attacks from cyber insurance policies from 31 March 2023.

According to the Wall Street Journal, which was first to report the story, the change will supposedly ensure that the scope of cyber policies is made clear to buyers, and has been made because Lloyd's believes the impact of state-backed attacks is a systemic risk.

The newspaper cited a 16 August notice written by underwriting director Tony Chaudhry. Chaudhry said Lloyd's remained strongly supportive of cyber insurance, but that such policies would have to be appropriately managed given the fast-evolving nature of the threat landscape.

Chaudhry said that, specifically, the ability of nation state-backed threat actors to spread their attacks efficiently, and the critical dependencies that societies have on digital infrastructure, meant that the losses which could arise have the potential to greatly exceed what the insurance market can absorb.

The move by Lloyd's reflects a growing trend among cyber insurers to tighten the terms and conditions of these policies. Speaking to Computer Weekly earlier in 2022, Heidi Shey, a principal analyst at Forrester, described a hardening of the market which has seen, among other things, insurer AXA France suspend reimbursements for ransomware payments.

In the same article, Simon Gilbert of insurance brokerage Elmore commented: “The major trend we’ve seen in the past 12 months is a decrease in the limit of indemnity, the most an insurer can pay under an insurance plan, and the rising cost of cyber insurance because of ransomware losses impacting the cyber insurance portfolio of nearly every insurer.”

The changes lend further weight to concerns that organisations are finding it increasingly difficult to procure appropriate cyber insurance, as recent research by risk management specialist Huntsman Security showed.

The firm's CEO, Peter Woollacott, said there were several factors in play, including tighter regulatory controls, increasing premiums, increasingly rigorous underwriting, capacity constraints, and coverage limits such as those proposed by Lloyd's.

He warned that the number of organisations that would be unable to afford cyber insurance, would end up with insufficient coverage, or would be refused coverage altogether, could double by the end of 2023.

“With this reduced insurance access, alongside increasing cyber threats and tightening regulations, many organisations are losing cyber insurance as an important risk management tool,” said Woollacott. “Even those that can still get insurance are paying a prohibitively high cost.”

Therefore, security leaders have to be clear that cyber insurance is only one of several levers they can pull, and should not be used to replace the controls that should already be in place, said Tom Venables, practice director for application and cyber security at Turnkey Consulting.

“Someone might insure their car, but still obey the speed limit, wear a seatbelt and avoid drinking and driving,” he said. “In other words, despite being insured, they take additional precautionary measures to ensure the risk to the car is kept to a minimum.”

Applying this principle to cyber insurance, security professionals have to concentrate on understanding the risk to the organisation. They have to know the information assets that need protecting, how those assets could be vulnerable, and what controls are needed to reduce the risk.

Databases might all have up-to-date patching, but if one supports a business-critical application, such as controlling a production line, it could be more critical in the event of a ransomware attack.
