News December 6, 2022

Insurance Business: What the recent Lloyd's mandate actually means for the cyber insurance market

Mia Wallace of Insurance Business, sat down with James Burns, head of cyber at CFC, to discuss the recent cyber mandate issued by Lloyd’s of London.

By Mia Wallace, originally published in partnership with Insurance Business UK on 18th October 2022.

The three distinct stages which the philosopher Arthur Schopenhauer posited all facts must inevitably pass through were seen in sharp relief following the mandate issued by Lloyd’s of London, requiring that cyber policies written in the insurance market have an exemption for state-backed attacks. First, it is dismissed, then it is opposed, and finally, it is accepted as self-evident.

Discussing the move by Lloyd’s to limit systemic risk in the insurance marketplace, Burns highlighted that the initial reaction across the market was largely driven by some initial misreporting around the implications of the mandate.

It was misreported in some quarters as a move designed to exclude all nation-state sponsored or nation-state executed attacks. And that’s not true

“It was misreported in some quarters as a move designed to exclude all nation state sponsored or nation state executed attacks. And that’s not true,” he said. “The aim is to address attacks of such magnitude that they have a catastrophic impact on their target state. And we're talking about extreme scenarios here.

“The other slight misreporting was that Lloyd's was mandating use of one of the four LMA cyber war clauses published earlier in the year. And that's not true, either. The mandate recognises that use of one of the LMA clauses fits the criteria that Lloyds was setting out but actually they're giving cyber insurers the freedom and flexibility to tackle this challenge themselves, as long as the core tenets of the mandate are met.”

You can read the full article on the Insurance Business website