Lloyd’s requirement for cyber war exclusion in Cyber Insurance policies is now a reality


By March 2023, all cyber policies written by Lloyd's Syndicates and Lloyd's coverholders must include suitable war exclusions for losses resulting from state-backed cyberattacks, as announced by Lloyd's in August 2022. With this mandate in mind, the Lloyd's Market Association (LMA) developed four model cyber war exclusions as market standards. These exclusions exclude "cyber operations" and "war", both defined terms in the exclusions. The cyber war exclusion replaces long-standing war exclusions that lacked modern definitions and have become less relevant in the cyber world.

What Happened in the Not-Petya Cyber Attack

What happened in the “Not-Petya” attack in June 2017 best exemplifies the significance of the bystander cyber asset write-back. The US, UK, and Australian governments blamed the Russian military on behalf of the Russian government for the attack, which targeted critical infrastructure in Ukraine. The attack had an impact on some Australian businesses, including Cadbury.
With cyber-attacks on the rise and the lines between government-sanctioned actions and state-sponsored threat actors becoming increasingly blurred, protection for innocent bystander cyber assets is critical.

What is considered a cyber war?

A cyber war is a form of conflict between two or more nations or groups that involve the use of technology, particularly computer networks and the internet, to launch attacks on each other’s computer systems, networks, and infrastructure.

A cyber war may involve a wide range of activities, such as hacking, virus and malware attacks, denial-of-service attacks, and other forms of cyber espionage and cyber sabotage. The goal of these attacks may be to disrupt critical infrastructure, steal sensitive information, damage systems, or gain a strategic advantage over the opposing side.

The term “cyber war” is often used interchangeably with “cyber conflict” or “cyberattack,” but it generally refers to a more sustained and coordinated effort to disrupt or damage an opponent’s computer systems and networks rather than isolated incidents of hacking or cyber espionage.

Does the Australian government have a cyber war fund?

Yes, the Australian government has a cyber war fund known as the Australian Cyber Security Centre (ACSC) Fund. The ACSC Fund was established in 2016 to support cybersecurity initiatives and assist in protecting Australia’s critical infrastructure, networks, and systems from cyber threats. The fund is managed by the Department of Home Affairs and provides financial support for cybersecurity research, development, and education initiatives, as well as for the development and enhancement of cybersecurity capabilities within the government and the private sector. The fund is intended to support Australia’s efforts to defend against cyber threats, respond to cyber incidents, and build resilience against future attacks. Read more https://www.cyber.gov.au/acsc/small-and-medium-businesses