Work needed on LMA cyberwar exclusions to address buyer concerns
Frank discussions must drive adaption
Buyers, brokers and insurers need to have open and frank discussions about the Lloyd Market Association’s (LMA) cyberwar clauses, which are causing risk managers concern and are yet to be embraced by the market, according to experts from across the risk transfer divide. The good news for insurance buyers is that key insurers seem willing to adapt the clauses, but one leading figure from the industry stressed that the final wordings should resemble those launched by the LMA at the end of last year.
The LMA published four model cyberwar exclusion clauses in December. The model wordings state that losses from nation-state cyberattacks will no longer be covered. Although they are designed to be used by Lloyd’s syndicates, many LMA wordings form the basis of market-wide exclusions.
However, take-up of the LMA cyberwar wordings has been tentative so far, with buyers not yet sure exactly what they exclude and brokers not entirely happy with the clauses.
One of the key concerns around the cyberwar exclusions is attribution. In order to trigger a war exclusion, the carrier must first prove that a cyberattack was carried out or sponsored by a nation state. However, insurers do not have the means to attribute cyberattacks and governments may have political motivations.
Martin Smyth, group insurance manager at Next and chair of Airmic’s Insurance Special Interest Group, said the clauses are bringing a “new level of uncertainty” just as the cost of cyber cover shoots up.
“When you get something like this – untested, new market exclusions – you do start to think about how it will impact the policy wording. Particularly as that piece of paper has just got much more expensive,” he told Commercial Risk Europe.
Smyth feels that the clauses have yet to be “concisely” explained to buyers, so more discussion is needed.
“There needs to be more engagement between insurers, brokers and buyers to find out what the clauses are trying to exclude and whether it is something that buyers are prepared to accept,” he added.
Jean Bayon de La Tour, head of cyber for continental Europe at Marsh, said during a recent webinar that the broker is unhappy with the LMA’s cyberwar wordings. He explained that Marsh has used some amended versions of the clauses but stressed more discussion is needed to come up with something that suits both buyers and insurers.
“Basically, the goal in discussions with insurers is to understand what is too big for the insurance industry – and unfortunately, we need to exclude it – and what is big, but is sustainable in the insurance market,” he said.
And speaking at Advisen’s cyber risk conference in London last month, Neal Pal, senior product development specialist at Marsh, said the market is on a “journey” to come up with cyberwar exclusions that work for everyone and believes the LMA wordings need adapting to calm buyers’ fears.
He said some buyers are uncomfortable with the fact that they are now being asked to move from a short cyberwar exclusion, or none at all, to one of the LMA wordings, “which is a big jump”.
“A lot of our clients have a war exclusion… but just a couple lines long, which only excludes kinetic war between sovereign nation states. And now they are being asked to move to the LMA 5667 or other exclusions that are a page or a page-and-a-half long. I am not saying one is right and one is wrong. What I am saying is there is a big transition, going from a very short exclusion that clients have been used to over a number of years to something that introduces a number of new concepts, some of which have not yet been been defined in the exclusion itself or don’t have an established meaning in English law, and that at the moment there isn’t any illustrative guidance on,” said Pal.
“I think that sets the scene as to why it has been difficult for some policyholders and, I think it is fair to say, same carriers, to adopt the exclusions right from the get-go,” he added.
The broker said many policyholders haven’t yet had the chance to properly engage with the wordings and the “raft” of new concepts and terms that they need to get to grips with.
He said it is therefore important for brokers to talk with insurers to understand exactly what they are trying to exclude and communicate that with clients.
“That is the piece that is missing at the moment. It is our responsibility as a marketplace, whether you are on the insurer or broker side of the fence, to always bear in mind what the client is looking for,” said Pal.
“We have also got to think about the final destination. I don’t think we have currently reached a consensus as to what that destination is. What is the tolerable exposure that carriers are willing to take? What is the minimum exposure that clients need to have covered?” he continued.
Pal made it clear to insurers that clients ultimately will make the decision whether or not to buy cyber insurance that includes a war clause. “Whether the war exclusion is right for their exposure will be a big decision that clients will have to make,” he said.
Fellow panellist Lyndsey Bauer, partner at specialty Lloyd’s firm Paragon Brokers, said the existing frameworks governing cyberwar clauses needed to evolve and the LMA wordings are a “step forward”.
“But I don’t think we are at the end of the road yet,” she added.
“So, this is a journey – we are not at the end product and there are practicalities in the LMA versions that need to be addressed,” said Bauer. She believes the clauses will push the conversation forward even if the endorsements are not taken up as currently drafted.
“We are moving fast towards consensus but it is going to take time. People need to put in the time to understand the framework and interrogate questions with claims teams or with underwriters themselves,” said Bauer.
Helga Munger, senior cyber claims manager at Munich Re, said the insurance industry is prepared to have open discussion on the LMA’s cyberwar clauses and listen to buyers’ concerns.
“We have that responsibility to be prepared to sit down, discuss them, explain the thinking and also be flexible. They suit very well the purposes they were designed for. Are they the only exclusions that will suit? No. They are the best I’ve seen so far, but I think we should be very open as an industry to having those conversations and making sure people feel comfortable when we explain how these exclusions work,” said Munger.
The insurance industry should advocate for the new clauses, explain the wordings and adapt where necessary, she continued.
But Munger stressed that the insurance market is “very keen” to see cyberwar exclusions that “look like these clauses, that feel like them and would operate in a similar way”, so it has “a degree of comfort” with the risk.
“There is not exactly a timeframe but we are determined to continue to work with people throughout this journey to get a higher adoption rate for these clauses or something similar,” she added.
Munger made clear that the LMA and wider insurance market are simply looking to exclude “intolerable” risks such as cyberwar.
Julian Miller, partner at DAC Beachcroft, said the LMA clauses aren’t prerfect and conceded there will be coverage disputes over the wordings.
“But actually they are pretty good,” said Miller, “and I encourage people to look at them closely.”
“I think one of the four clauses will be suitable for most risks,” he added.
