My good friend Judy Greenwald reported for that “Lloyd’s of London will require standalone cyber policies to include state-backed cyberattack exclusions beginning in March 2023, it said in a market bulletin this week.”  The August 18, 2022 article entitled “Lloyd’s requiring state-backed cyberattack exclusions” included these comments from my friend Judy Shelby (partner with Kennedys Law LLP in New York):

…”the big takeaway” here is that “there’s been a lot of focus over the last few months particularly with regard to cyber war, and the bulletin makes clear that the focus should be on state-backed attacks, whether in the context of war, or non-war situations.” 

Also the article included comments that “Lloyd’s said in Tuesday’s bulletin that in addition to any war exclusion, new or renewed standalone cyber policies should”:

– Exclude losses arising from a war, whether declared or not where the policies do not have a separate war exclusion;

– Be clear as to whether the cover excludes computer systems that are located outside any state affected by the state-backed cyberattack;

-Subject to the former requirement, exclude losses arising from state cyberattacks that significantly impair a state’s ability to function or its security liabilities.

– Set out on a “robust” basis the parties’ agreement;

– Ensure all key terms are clearly defined.

How does this impact you?