Lloyd's takes tough stand on 'silent cyber' coverage in new mandate

Insurance and reinsurance marketplace Lloyd’s has mandated that from 1 January 2020 all insurers are required to provide clarity about cyber coverage by either excluding or providing affirmative coverage.

In a new market bulletin, Lloyd's said that it believes that it is in the best interests of customers, brokers and syndicates for all policies to be clear on whether losses caused by a cyber event are covered.

"The clarity should be provided by either excluding coverage or by providing affirmative coverage in the re/insurance policy," it said. "To support the market in making the necessary changes this requirement will be implemented using a phased approach."

Lloyd’s will monitor compliance with this new requirement through its regular planned oversight activities which will be set out in the market oversight plan for 2020.

Under the first phase, all first party property damage risks incepting on or after 1 January 2020, regardless whether written on an all risks basis or as named perils, must contain policy language which is explicit as to whether coverage exists or is excluded in respect of losses caused by cyber risks.

This requirement applies to new and renewal policies and to policies written on both a standalone basis or where first-party exposures are combined with other lines within blended products.

For coverholder arrangements, the requirement applies to binding authority agreements that incept on, or after, 1 January 2020. For line slips and consortia, Lloyd’s expects changes to be made as soon as contractually possible after the implementation date.

"Where clarity cannot be provided because wording changes are prohibited by local legal or regulatory requirements, Lloyd’s expects managing agents to assume these policies provide affirmative coverage for the purpose of exposure management," it noted. "Lloyd’s recognises that it will remain a matter for the courts in the local jurisdiction to determine the extent of cover, if any, provided by the policy."

Under the second and third phases, Lloyd's said a market working group, comprised of representatives from Lloyd’s, LMA and managing agents, will be established to consider how the requirement for clarity can best be implemented for liability lines of business. This group will report back to Lloyd’s before the end of the year and Lloyd’s will use this feedback to inform plans for future phases.

Earlier in January 2019, the Prudential Regulation Authority (PRA) issued a letter to all insurers urging them to take more action on ‘silent cyber’ - or non-affirmative cyber risk.

"Lloyd’s own view is consistent with the approach of the PRA," the association said in a statement. "The requirements set out in this bulletin are intended to form a component part of Lloyd’s updated strategy for the oversight of cyber risks. Work on developing the other parts of that strategy is currently underway and our intention is to publish our strategy document in Q3 2019."

Get all the latest re/insurance industry news with our daily newsletter -  sign up here.

More of today's news

'Cyber risk is now a mainstream risk,' says Allianz as it launches new strategy

Markel hires trade credit and political risk underwriter from Coface

‘A’ rating for new Korean Re subsidiary paves way for ‘major hub’

Allianz appoints motor underwriting manager in UK

Miller hires Willis executive to build UK professions practice

Save £600 with the Intelligent InsurTECH Europe Super Early-Bird rate:  Book now