back to article Lloyd's of London suggests insurers should not cover 'retaliatory cyber operations' between nation states

Lloyd’s of London may no longer extend insurance cover to companies affected by acts of war, and new clauses drafted for providers of so-called "cyber" insurance are raising the spectre of organisations caught in tit-for-tat nation state-backed attacks being left high and dry. The insurer's "Cyber War and Cyber Operation …

  1. Wellyboot Silver badge

    Not a clever move.

    >> insurance companies attributing cyber attacks to nation states <<<

    Best case - Nation states who may well be able find out exactly how much the company knows before trotting down to their friendly UK libel lawyers!

    Worst case - insurance companies bank accounts, IT and all backups become a train wreck overnight.

    I'd have used Elbonia as a 'bad actor' example as well - just saying...

  2. Eclectic Man Silver badge

    Culpability

    I do wonder how the insurance companies would attribute 'cyber crime' to nation states and whether that would include actors geographically located in, say Russia, which are not an official part of the government, but which, at least in the hallowed walls of the Register, are often associated with the government. At least tolerated (while they do not attack Russia's interests) etc. The various groups known as 'Russian Business Network', 'Russian Bear' and other actors (Google them at your own risk) are often considered by Western media to be working with or for the Russian state, if not actually part of it.

    1. amanfromMars 1 Silver badge
      Pirate

      Re: Culpability with Multiple Obvious Points of Abject Failure

      Who here is going to say that the likes of a GCHQ/MI6/MI5 is not to be a vital hostile nation state hacker of note, especially as such organisations needs to be in order to be in any remote way effective in providing secret state security systems their relative protection from foreign harm or alien intrusion ..... Novel Smash and Grab, Crash and Trash Raiders and AIMarauders?

      How on Earth can one defend against a friend or a foe if one is ignorant of their abilities and bereft of their facilities and utilities.

      The Jolly Roger icon is very APT with regard to this post methinks.

  3. tiggity Silver badge

    As expected

    Any excuse to avoid a payout for insurance companies, par for the course.

    (caveat there are lots of insurance types vehicle, cycle, house, personal indemnity, insurance for specific high value items etc. these are just some broad points, may not apply to all insurance types)

    .. Dig out any insurance policies you may have, look through the exceptions, you may be surprised at what's excluded.

    .. Look for max payouts for various items (unless specifically named and given a value of part of policy setup) - your expensive kit may essentially be insured for peanuts.

    .. if your insurance still has an act of god clause then its really bad.

    .. See what "excess" you have to pay regardless, look at implications of losing any no claims bonuses etc.

    .. If insurance is for something that may appreciate in value (e.g. house) - chances are the insurance value will stay the same, onus will be on you to reinsure if there's a house price boom & you can easily end up under insured.

    .. Chances are you will find something, somewhere where you are getting stiffed (in a bad way) by an insurer.

    1. Anonymous Coward
      Anonymous Coward

      Re: As expected

      "Chances are you will find something, somewhere where you are getting stiffed (in a bad way) by an insurer."

      And if you can't find it, they certainly can.... right there, at the bottom of page 79, in light grey 1pt Times Roman... no, no, written on top of the full stop at the end of para 23... try at x250 magnification

    2. Peter2 Silver badge

      Re: As expected

      Like many people, I have house & car insurance and that's about it.

      Both state that "acts of war" are excluded from coverage.

      1. Stork Silver badge

        Re: As expected

        I think mine exclude civil unrest too

    3. steelpillow Silver badge
      Megaphone

      Re: As expected

      "Any excuse to avoid a payout for insurance companies, par for the course."

      Fat lot you know about it, then. Lloyds of London has historically been about the only insurance company to offer unlimited insurance. For most of its life it has been a collective, with private individuals or "names" joining insurance syndicates within Lloyds, and being personally liable for any losses. It was the syndicate who cut the deal, and shared out reinsurance among many other syndicates. Lloyds thus became one of the very few places willing to take on the risk of insuring say a merchant ship in the 1700s or a spacecraft in the 1900s.

      That all went titsup a few decades ago in one of the great financial crashes (US mortgage scam?) and several syndicates went bankrupt. The names had to cough up the difference and many likewise lost their shirts as well as their livelihoods.

      As a matter of survival, Lloyds had to reform itself along somewhat more conventional lines, with its payout terms no longer unlimited among other things. But it still has a reputation second to none.

      Acts of war are traditionally excluded from insurance policies; if you are a home or car owner, that clause is surely in there. The above background gives you some clue as to why. It is high time Lloyds brought its cyber Ts&Cs in line with sanity. And that is pretty much what this is.

    4. steelpillow Silver badge
      Boffin

      Re: As expected

      "See what "excess" you have to pay regardless, look at implications of losing any no claims bonuses etc."

      ...

      "you can easily end up under insured."

      Don't knock 'em. Both of these are great ways to cut the insurance premium down to size.

      There is an old adage, "Only insure what you cannot afford to replace yourself". For example I cannot afford to replace my house, but I could replace about half its contents. So I underinsure the contents, which lowers the premium. Bumming around in an old rattletrap, I insured my car third party only. Fast forward to when I am drowning in mortgage payments and taking a big estate full of my young family across the country to stay with relatives, and now it's fully comprehensive - and I joined a breakdown organization.

      The excess is a way of getting rid of trivial claims of a few quid, where the cost of administration is more than the claim is worth. If you are willing to pay say the first £500 yourself, then the company knows you will not bother it with the cat pissing on the carpet four times a year, so it will give you a lower premium. I always go for the maximum excess on offer, not the smallest; you'll be amazed at the difference it makes.

      1. KBeee Silver badge

        Re: As expected

        Comprehensive insurance is often cheaper that Third party nowdays. Money Saving Expert explains it by saying the insurers take it to mean you're more "serious" about safety and less fly-by-night.

    5. the spectacularly refined chap Silver badge

      Re: As expected

      Any excuse to avoid a payout for insurance companies, par for the course.

      I'm currently working in insurance, for a claims handling firm rather than an underwriter. I know bashing insurers is always popular but a lot of the usual criticisms are simply divorced from reality. Start with the obvious first - we're claims handlers, not underwriters - we have no financial incentive to deny or underpay a valid claim. Indeed it works out much better for us financially if we can avoid complaints.

      Dig out any insurance policies you may have, look through the exceptions, you may be surprised at what's excluded.

      Better, read the policy before taking it out. Of course exclusions exist. Where they are there they exist for a reason. Typically they are there to counter fraud, reduce premiums to a manageable level, or things insurance is simply not designed to cover.

      Look for max payouts for various items (unless specifically named and given a value of part of policy setup) - your expensive kit may essentially be insured for peanuts.

      Again, read your policy in advance. Article limits apply for a reason. You live in a council house and have lost two £8000 Rolexes? Have you declared them? Any proof of their existence? And you expect them to be covered? Yes, our handlers deal with such claims every day.

      If insurance is for something that may appreciate in value (e.g. house) - chances are the insurance value will stay the same,

      Buildings limits are based on rebuild cost, not market valuation. Your policy will explain this, clearly you haven't read it.

      So it boils down to what I said at the outset: read your policy and make sure it is suitable. Insurers are realistic: paying claims is an inevitable cost of business. Policies are designed to be understandable and the Ombudsman will quickly throw out any unfair clauses.

      Alternatively go the old fashioned route and discuss your requirements with a broker: if your policy is unsuitable you then have a mis-selling claim. If you buy from a Meerkat or whatever based purely on price you need to do your own homework to ensure the policy is suitable. If you don't understand what you have bought or can't be bothered to read the policy that is not the insurer's fault. Insurance is a complex product and ultimately the onus is on you to understand your cover.

      1. Missing Semicolon Silver badge

        Re: As expected

        You've joined the hive mind, I'm afraid.

        The Ts&Cs are usually as vague as legally possible, to ensure that a claim can be denied based on the insurance companies interpretation of the policy.

        This example allows any insurance company to declare, independently, that an attack is state-sponsored, so no payout. Rendering the whole policy moot.

      2. John Brown (no body) Silver badge

        Re: As expected

        "Insurance is a complex product and ultimately the onus is on you to understand your cover."

        While I agree with the general thrust of statement, I'd point out that few people are legally trained, unlike the people who write the policies. This means certain words and phrases may have a specific meaning in terms of the law that many people will not understand and consequently can mean a policy may or may not cover what the purchaser thinks it does. As you are in the industry, I'm sure you must be aware of many words and phrases used in policies that have specific legal meanings but often mean something quite different when used in day to day conversation by people not in an industry full of legal caveats.

  4. DS999 Silver badge

    Good

    As it is difficult to prove who is behind a specific ransomware attack, if this spreads through the insurance world ransomware attacks will no longer be covered and won't allow victims to easily pay up thus encouraging more ransomware attacks.

    To the extent it becomes difficult to insure against the dwindling number of non ransomware attacks companies might be forced to invest resources into protecting themselves instead of doing the bare minimum required by the insurance carrier.

    1. Clausewitz 4.0 Bronze badge
      Devil

      Re: Good

      Generally speaking, insurance folks that I read about from some old news website, are all scammers.

      They prefer to tip police officers and politicians instead of doing a serious business arrangement. Problem is, police officers and politicians are rotated from time to time, so the tip only grows over time - and by not reaching a settlement, their balances go down. And their business model looks more and more like failure.

      It is way past the time for them to pay-up if they screwed up.

  5. Pascal Monett Silver badge

    "organisations caught in tit-for-tat nation state-backed attacks being left high and dry"

    Understandable, even if it is an easy cop-out for insurers.

    It is obvious that insurers, however close to lawyers they may be, do not have the funds to reimburse damages that can be attributed to acts of war.

    Otherwise, if you really want that kind of protection, imagine what your insurance bill is going to become . . .

    1. Clausewitz 4.0 Bronze badge
      Devil

      Re: "organisations caught in tit-for-tat nation state-backed attacks being left high and dry"

      Otherwise, if you really want that kind of protection, imagine what your insurance bill is going to become . . .

      There are well-know precedents saying otherwise:

      https://www.economist.com/finance-and-economics/2002/05/16/one-attack-or-two

  6. Phones Sheridan Bronze badge

    I've often wondered why they don't just put a clause in the policy that says something along the lines of "you must have a working, regularly tested documented backup that does not solely rely on replication".

  7. Sixtiesplastictrektableware Bronze badge

    Shirley there was a similar clause for slave ships?

    1. Wellyboot Silver badge

      A ship is a ship and gets insured as such. I'd expect the insured value of cargo to be at replacement cost. Until the slave trade abolition act of 1807 slave ships and their 'cargo' were legal and could be insured1.

      After that act was passed slave ships were treated as pirate ships and dealt with as such. The Royal Navy after Trafalgar didn't take much notice of the national flag that ships were flying, any ship was subject to being stopped and inspected.

      1 Lots of factors are taken into account (possibly even ethics) that can make insurance uneconomical, possible slave uprisings on ships may have been viewed in a similar manner to a modern teenager asking to insure a Ferrari.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022