- Urgent climate action can secure a liveable future for all-IPCC
- Insured losses from natural catastrophes break through $100bn threshold again in 2022-Swiss Re
- PERILS initial insured loss estimate for the Kahramanmaras Earthquake Sequence at TRY65.4bn
- GFIA publishes principles on diversity, equity and inclusion
- Geneva Association new report looks at emerging Commercial Liability risk
- PartnerRe reports "solid underwriting results" in 2022
- Open your APIs: electronic placement is evolving-Ebix expired
- SCOR Syndicate delivers strong results in 2022 with £22.6m profit and a 90.1 combined ratio expired
- HDI Global results 2022 show strong profitable growth and improved combined ratio expired
- How to grow retirement savings: Things to consider when saving for the future-Insurance Europe expired
- Deregulating digital innovations will boost growth in South Korean insurance industry-GlobalData expired
- Spain insurance industry direct written premiums to surpass $100bn in 2027-GlobalData expired
25th January 2023
Cyber War & Cyber Operation Clauses updated by LMA
The Lloyd's Market Association(LMA) Cyber War working group has published the following clauses:
LMA5564A & LMA5564B
LMA5565A & LMA5565B
LMA5566A & LMA5566B
LMA5567A & LMA5567B
These clauses are replacements for the original suite of cyber war clauses(LMA5564-LMA5567 inclusive). The ‘A’ versions meet the requirements of Market Bulletin Y5381 in relation to stand alone cyber-attack policies under risk codes CY and CZ, which requirements take effect from 31st March 2023 at the inception or renewal of each policy. The ‘B’ versions do not address attribution and are therefore not compliant without prior agreement from Lloyd’s.
Differences between ‘A’ and ‘B’ clauses
The sole difference between the ‘A’ and ‘B’ versions is that the latter do not contain agreement as to how a cyber operation is attributed to a state in order to determine whether the exclusion operates. The Market Bulletin Y5381 states, amongst other requirements, that attribution be dealt with in the exclusion clause itself. Lloyd’s does however state in its bulletin that alternative approaches will be considered and where the requirements listed in the bulletin are not met, they will be considered on a case by case basis. Lloyd’s has also confirmed to the LMA that clauses which do not reference attribution will be considered by them so long as there is a mechanism for dealing with resolving questions of attribution in the policy or a robust reason can be given for why it is not required. If you wish to use any of the ‘B’ versions, you will need to evidence to Lloyd’s that a mechanism for addressing attribution has been agreed with insureds(or otherwise explain why it is not required).
Definition of state
In the drafting of this clause, use of the term “sovereign state” and how it would operate in these exclusions has been the subject of discussion. LMA5565A (and B)– LMA5567A(and B) are not drafted to exclude losses arising from a cyber operation undertaken by a state which causes major detrimental impact to another part of the same state, unless those cyber operations occur as part of an armed conflict (or the immediate preparation for armed conflict). Where there is the potential for disputes over sovereignty, underwriters are encouraged to seek legal advice and consider whether additional clarity is required.
All LMA model clauses are purely illustrative and are published and distributed for the guidance of Lloyd’s managing agents, brokers and other market participants. All contracting parties are free to agree to different conditions/amend the model clauses as they see fit; the LMA does not protect its intellectual property rights over model clauses. It is for underwriters to decide whether or not any contractual language is acceptable on any given risk. The clauses are available on the Lloyd’s Wordings Repository (LWR).
Lloyd's Trends(2,776 articles)
Cyber Trends(1,371 mentions in Insurance Newslink)