Lloyd’s of London, the world’s leading insurance market, says that cyber insurance policies it issues after March 31, 2023 will not cover most state-sponsored attacks. Cordery Compliance’s Jonathan Armstrong and Andre Bywater explore what this means for companies and how they should prepare.
It has long been the case that foreign governments have used cyber attacks to make money or to disrupt organizations in other countries. The BBC’s recent “Lazarus Heist” podcast series examined the role of North Korea in cyber attacks, while In March, President Joe Biden spoke of Russia’s role in attacks. And the UK’s NCSC has also spoken of threats from China.
We have seen allegations that nation-states do use cyberwarfare, including ransomware, to raise money for missile programs and conventional warfare but also to spread panic and despair in the same way acts of terror have been used in the offline world for hundreds of years.
In many respects, the announcement is not a surprise. Acts of war have been excluded from conventional insurance coverage for years, too. There’s been litigation over clauses like this since at least the 1920s, and in an alert on the Ukraine war in March, we highlighted this as an area of contention. Then, we talked about the litigation involving Merck & Co. over cyber…
