Born of frustration: what’s delaying take-up of LMA cyber war exclusions?
The take-up of the four Lloyd’s Market Association (LMA) cyber war exclusion clauses, launched in December 2021, has been tentative so far despite the heightened risks and fears of a cyber war as the conflict in Ukraine continues.
Ongoing concerns about wording of the four clauses, also called versions, and other practicalities means the re/insurance industry is still discussing adoption and implementation with no end in sight. This hesitation is causing frustration for some.
A panel of industry executives agreed that the adoption of the LMA’s cyber war exclusions was at the beginning of its journey and that more discussions were required, hence the delay in wider take up.
The launch of the clauses is a major change for re/insurers, and represents the first update to war risk exclusions that tackles the nebulous risk of cyber war in direct terms. The LMA’s clauses were designed to offer a scalable approach to cover for cyber war and state-attributed cyber operations.
The fact that the industry had lived with these versions for two years while they were being developed “makes it all too easy to think that people should take those up immediately”, said Munich Re senior cyber claims manager Helga Munger.
But, she added: “It is the responsibility of the re/insurance industry to inform the market and to be open to having discussions on this. The LMA clauses that were published in late 2021 are a framework, they’re a toolbox of clauses that can be used for different types of business risks—going from the very strong exclusion in version 1 right through to hugely broad cover in version 4.”
As a speaker at the “Crafting Cyber War Exclusions”‘ keynote panel at the Advisen Cyber Risks Insight Conference, Munger told the audience: “The clauses suit very well the purposes they were designed for. Are they the only exclusions that will suit? No, probably not. They’re the best I’ve seen so far.”
“There are practicalities within the LMA versions that need to be addressed.” Lyndsey Bauer, Paragon Brokers
Paragon Brokers partner Lyndsey Bauer said it was important that brokers were able to understand what the intended application of an exclusion would be so that they could explain it to their clients. The current situation in Ukraine is challenging the industry to look at things very differently to push the boundaries of some of what, historically, may have been ignored as standard language in a policy contract, she added.
“We’re all on the same page here: we want a cyber market that’ll be sustainable, we want to be able to provide a permanent cover for the types of risks that are being underwritten, and clients can be made aware that there is a market that provides cover for assets that are exposed to things such as war and political violence.”
Suggesting that eventual take-up of the new cyber war clauses was vital, Bauer said: “The current frameworks that pre-existed the LMA offering leave too much ambiguity, too much to be discussed, not enough certainty.
“I don’t think it’s very helpful to go into a situation where you anticipate that you’ll have to litigate to get clarity. So, starting from the perspective of trying to address the known issues, and yes, this is a journey, we’re not at the end product. There are practicalities within the LMA versions that need to be addressed.”
Understanding exclusions
Neal Pal, senior product development specialist at Marsh, said the exclusions were important for his clients, some of which are affected by state-sponsored actors such as Nobelium, Hafnium and Lazarus Group.
“Which war exclusion they use and how it’s worded is very important to them. They will take time to decide what is best for them,” he said.
Pal reiterated that there is no mandate by Lloyd’s at this current moment to use these exclusions and that the endorsements can be amended, which provides some opportunity for improvement.
“It’s very important that brokers and carriers work together to try and improve on these exclusions, if necessary, for particular clients according to their needs because what is important for one client will be different for another.”
DAC Beachcroft partner Julian Miller stated that all four LMA clauses were drafted with the intention that they could be used on standalone cyber policies.
“No-one expects these clauses to be used for 80 years, they will evolve and that’s to be welcomed.” Julian Miller, DAC Beachcroft
“There are many policies which include some cover for cyber risks which are not standalone cyber policies, and for many of those version 1 of the LMA clauses will be entirely suitable. It’s a very simple clause, it excludes war cyber operations. It doesn’t have some of the more complex concepts such as bystanding assets or retaliatory cyber operations and so on, which might be causing hesitation,” he said.
Miller said LMA clause version 1 would be suitable for “a significant number of contracts”.
“Although the temptation might be to jump to version 4, which includes the major detrimental impacts to the functioning of a state, it is also the most complex of the clauses and will cause the most hesitation,” he cautioned.
“We’re at the beginning of this journey—the nature of cyber risk continues to evolve very rapidly. The NMA 464 clause was written in 1938. It doesn’t mention the word cyber, unsurprisingly. That clause has been prevalent for 80-odd years.
“No-one expects these clauses to be used for 80 years, they will evolve and that’s to be welcomed, it’s a positive start.”
Cyber war and cyber operation exclusion clauses
- LMA 1: Excludes cover for any losses happening through or in consequence of war or a cyber operation.
- LMA 2: Places specific sub-limits on payouts in the event of cyber operations, but excludes absolutely those operations launched in war, in retaliation by specified states, or which cause major detrimental impacts to the functioning of a state.
- LMA 3: As LMA 2, but with no specified sub-limits on payouts to claims.
- LMA 4: As LMA 3, but allowing for coverage to bystanding assets (ie, those caught up in, or damaged by, a cyber operation, but not those targeted) resulting from cyber operations causing major detrimental impacts to the functioning of a state.
Already registered?
Login to your account
If you don't have a login or your access has expired, you will need to purchase a subscription to gain access to this article, including all our online content.
For more information on individual annual subscriptions for full paid access and corporate subscription options please contact us.
To request a FREE 2-week trial subscription, please signup.
NOTE - this can take up to 48hrs to be approved.
For multi-user price options, or to check if your company has an existing subscription that we can add you to for FREE, please email Elliot Field at efield@newtonmedia.co.uk or Adrian Tapping at atapping@newtonmedia.co.uk
Editor's picks
Editor's picks
More articles
Copyright © intelligentinsurer.com 2024 | Headless Content Management with Blaze