Filing cyber insurance claims has become a tough journey for many industrial organizations, especially because more policies now exclude coverage for attacks linked to nation-states or ‘war-like’ incidents. Take Lloyd’s of London, for instance; they mandated in 2023 that their policies won’t cover losses from state-backed cyber incidents. This leaves organizations stuck in a difficult spot, as proving a cyberattack came from a nation-state is incredibly tough, and insurers have various reasons they can use to deny a payout. Even with a policy in hand, many firms could find themselves exposed when it matters most.
Insurance companies and underwriters, in response, began getting stricter about what risks they’re willing to take on in operational technology (OT) environments. Legacy equipment, patching gaps and limitations, availability demands, and safety constraints are increasingly integrated into underwriting models, pushing higher premiums, stricter renewals, and, in some instances, outright refusal to insure risky environments. Insurers have been known to want to see details like asset inventories, SBOMs, and complete risk profiles to understand their…
