Cyber insurance market undergoes turbulence as guidance from Lloyd's is revised
In a move aimed at bolstering resilience in the face of escalating cyber threats, the leading insurance market, Lloyd's, has announced plans to phase out coverage for state-sponsored cyberattacks. This decision comes amidst increasing financial pressure on the insurance market and the rise in ransomware attacks over the past few years.
Sridhar Manyem, director at A.M. Best, explains that these exclusions provide an extra layer of protection for insurers against attacks stemming from state-based actors. However, insurers face the burden of proving that these exclusions unambiguously exclude coverage, a challenge that may present difficulties for companies seeking cyber policies.
Enforcement of the new Lloyd's exclusion will also pose challenges, given the undercover nature of many state-sponsored attacks. With the Lloyd's exclusion, insurers will likely face challenges proving that cyberattacks are, in fact, state-backed.
The Lloyd's Market Association introduced cyber war and cyber operation exclusion clauses earlier this year. This decision follows similar moves by several insurers, including Allianz and Munich Re, which have recently announced plans to include specific speech clauses in their cyber insurance policies to protect against attacks by state-sponsored actors.
Munich Re is also taking steps to eliminate systemic cyber war exposure. The Germany-based reinsurer has disclosed plans to add additional language into cyber coverage that protects against acts of war. They are also starting to introduce war exclusions or clauses with similar intent that adequately address the specific challenges of cyber warfare.
Data from S&P Global Ratings shows that cyber insurance premiums are expected to rise 25% per year to reach $22.5 billion in 2025, compared with about $9 billion in 2021. This increase reflects the growing importance of cyber insurance in the face of increasingly sophisticated threats.
However, a study released earlier this month from Blackberry and Corvus shows widespread issues with coverage among small to midsize organizations, which often lack the financial resources of large enterprises. This gap in coverage could leave these organizations vulnerable to costly cyberattacks.
The move by Lloyd's comes as pressure has arisen from the fallout of Russia's invasion of Ukraine, which has sparked considerable fears of attacks against critical infrastructure. The decision by Lloyd's aims to support a competitive and resilient cyber insurance market, ensuring that it can continue to provide vital protection against cyber threats in the long term.
The cyber insurance market is under tremendous pressure due to the rise in ransomware attacks in recent years. In 2021, there was a 232% increase in ransomware claims compared to 2019, and a 54% rate of nonpayment for ransomware claims during the first quarter of 2022, up from 15% during the first quarter of 2019.
As the cyber insurance market adapts to these evolving threats, it remains crucial for companies to stay informed and prepared. The increasing complexity of cyber insurance policies underscores the need for due diligence and careful consideration when choosing a policy. The new guidance encourages managing agents to apply due diligence to the specific complexities of state-sponsored attacks, ensuring that companies are protected against the most dangerous and sophisticated threats.
