{"id":96092,"date":"2022-11-29T05:09:09","date_gmt":"2022-11-29T05:09:09","guid":{"rendered":"https:\/\/www.commercialriskonline.com\/?p=96092"},"modified":"2022-11-29T12:07:45","modified_gmt":"2022-11-29T12:07:45","slug":"buyer-concern-switches-from-coverage-litigation-to-cyberwar-clauses","status":"publish","type":"post","link":"https:\/\/www.commercialriskonline.com\/buyer-concern-switches-from-coverage-litigation-to-cyberwar-clauses\/","title":{"rendered":"Buyer concern switches from coverage litigation to cyberwar clauses"},"content":{"rendered":"<p>Buyers are growing more concerned about moves by insurers to exclude cyberwar protection than the recent spate of cyber coverage litigation, a leading European cyber broker has told <em>Commercial Risk<\/em>.<\/p>\n<p>Last month, US food-manufacturer Mondelez agreed an out-of-court settlement with Zurich American Insurance, ending its coverage dispute over cyber losses related to the 2017 NotPetya malware attack. The settlement followed a summary judgment in January in favour of US pharmaceutical group Merck in a similar dispute with insurer Chubb. That ruling is being appealed.<\/p>\n<p>The private out-of-court resolution in the Mondelez case was disappointing for those in the market hoping for precedent-setting legal clarity on the issue of cyberwar. Judgments in such coverage litigation are often taken into account by brokers and insurers when drafting policy language.<\/p>\n<p>While the Mondelez and Merck cases were keenly watched, buyers are more interested in developments in the cyber insurance market, which has been busy working on new cyberwar exclusions, according to Jean Bayon de La Tour, head of cyber for Marsh in continental Europe.<\/p>\n<p>\u201cMarsh customers are asking more questions about market-based changes to war exclusions than these particular lawsuits. Unsurprisingly, our clients do not blindly accept when new restrictions\/exclusions are imposed by insurers, so we are having many nuanced discussions with clients right now,\u201d he told <em>Commercial Risk<\/em>.<\/p>\n<p>\u201cThe language pertaining to war in cyber policies is evolving in a positive way, at least via Lloyd\u2019s. It is the language pertaining to state-backed or nation-state cyberactivity that is causing significant concern, particularly where it falls short of armed conflict or physical war between two or more sovereign nations,\u201d he said.<\/p>\n<p>Both the Mondelez and Merck coverage disputes centred on war exclusions triggered by insurers to avoid paying cyber losses under a property insurance policy. However, the litigation highlights the broader issue of how insurance responds to cyberwar and nation-state attacks.<\/p>\n<p>Most insurance contracts exclude acts of war but such wordings were not drafted with cyber losses in mind. NotPetya coverage litigation, among other factors, has caused the insurance market to revisit war exclusions for state-sponsored cyberattacks. At the same time, insurers have introduced exclusions for so-called \u2018silent cyber\u2019 in P&amp;C policies to clarify whether cover is granted or not after a cyber event.<\/p>\n<p>Coverage litigation following the NotPetya attack accelerated discussions on war exclusions and has resulted in new clauses aimed at removing or restricting cover for nation-state cyberattacks. \u201cMost of the case law has interpreted war in the context of physical war, hence insurers wanted to tackle the issue of non-physical war and the subsequent development of new war clauses,\u201d said Bayon de La Tour.<\/p>\n<p>In December 2021, the Lloyd\u2019s Market Association (LMA) published four new model exclusion clauses for cyberwar and state-attributed cyber operations. The updated, voluntary war risk exclusions were developed for standalone cyber insurance and either exclude all coverage due to war or nation-state activity, or provide exemptions such as sub-limited cover for nation-state activity that falls below a certain threshold.<\/p>\n<p>According to Bayon de La Tour, the LMA clauses have had a mixed reception. Many Lloyd\u2019s insurers are keen to utilise one of the options but others do not find the LMA wordings satisfactory and\/or continue to use their own war exclusions, he said.<\/p>\n<p>Acting on behalf of clients, Marsh has also expressed its concerns over the LMA wordings. The broker argued that the new exclusions \u201cmay increase uncertainty regarding the scope and performance of policies that employ them, thus jeopardising the assurance that clients may take from any coverage within their cyber insurance programmes\u201d.<\/p>\n<p>In particular, Marsh said the LMA exclusions rely on a number of \u201cambiguous terms\u201d that currently have either an ambiguous threshold, an unclear meaning or no ordinary interpretation. It also noted that the exclusions introduce the complex term of \u201ccyber operation\u201d, and that the LMA\u2019s proposed criteria for attribution is unclear.<\/p>\n<p>\u201cRecognising that Munich Re and others were in the process of adopting one of the four model clauses, we engaged with Munich Re to address as many of our concerns as possible in an effort to protect and promote our client\u2019s interests,\u201d said Bayon de La Tour. \u201cWe have given feedback to Munich Re on the topic of war and cyber operations exclusion, which is a good step in the right direction but does not solve all our worries,\u201d he said.<\/p>\n<p>While the revised clauses should see the insurance market move towards coverage clarity for cyberattacks, Marsh said it will continue to act in the interests of its clients and engage with insurers to help inform their cyber strategies. \u201cIs it perfect? No, but it can never be perfect. While we are not 100% there, we have made extensive efforts to take a good step in the right direction for the benefit of our clients,\u201d said Bayon de La Tour.<\/p>\n<p>There is a general requirement for all Lloyd\u2019s policies to exclude cyberwar losses but the new LMA war exclusions are not mandatory. However, in August, Lloyd\u2019s announced that syndicates will be required to exclude losses in all standalone cyber insurance policies arising from state-sponsored cyberattacks from 31 March next year.<\/p>\n<p>Lloyd\u2019s effectively restated its existing prohibition on covering war risk and clarified that syndicates must also account for their exposure to a non-physical, cyber-enabled state-on-state attack, which may be as harmful as a physical act of war. However, Lloyd\u2019s does not require an absolute exclusion for state-backed cyberattacks, irrespective of the scale of the impact. Instead, such attacks must be excluded when they cause a significant impairment to another state.<\/p>\n<p>There is a growing gap between Lloyd\u2019s and the broader market, according to Bayon de La Tour. \u201cMany insurers \u2013 within certain parameters \u2013 have expressed their intent to continue to cover an event that is widely attributed to a state actor but is not accompanied by a physical war, through the policy wording construction of a war exclusion with a \u2018cyberterrorism\u2019 carve-out,\u201d he said.<\/p>\n<p>Lloyd\u2019s\u2019 mandate has been misinterpreted by some, according to Bayon de La Tour. \u201cI think it has been understood as broader than it is \u2013 it only excludes attacks that have a \u2018major detrimental impact\u2019 and not all state-sponsored attacks,\u201d he explained.<\/p>\n<p>There is currently no specialist cyberwar risks market, as is the case for aviation and marine, but there is demand for such cover, according to Bayon de La Tour. \u201cWe have had discussions with our war colleagues on that front. As of today, the war market is not ready. But there is a gap and when things stabilise, it might create an opportunity. But it is too early now,\u201d he said.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Buyers are growing more concerned about moves by insurers to exclude cyberwar protection than the recent spate of cyber coverage litigation, a leading European cyber broker has told Commercial Risk. Last month, US food-manufacturer Mondelez agreed an out-of-court settlement with Zurich American Insurance, ending its coverage dispute over cyber losses &hellip;<\/p>\n","protected":false},"author":4,"featured_media":89825,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_uag_custom_page_level_css":"","footnotes":""},"categories":[359,361,144,354,197,313,200,1,194,364,141],"tags":[516,496,444,445,443],"acf":[],"uagb_featured_image_src":{"full":["https:\/\/www.commercialriskonline.com\/wp-content\/uploads\/2022\/04\/Cyber-war_shutterstock_2130738668.jpg",700,400,false],"thumbnail":["https:\/\/www.commercialriskonline.com\/wp-content\/uploads\/2022\/04\/Cyber-war_shutterstock_2130738668-150x150.jpg",150,150,true],"medium":["https:\/\/www.commercialriskonline.com\/wp-content\/uploads\/2022\/04\/Cyber-war_shutterstock_2130738668-300x171.jpg",300,171,true],"medium_large":["https:\/\/www.commercialriskonline.com\/wp-content\/uploads\/2022\/04\/Cyber-war_shutterstock_2130738668.jpg",700,400,false],"large":["https:\/\/www.commercialriskonline.com\/wp-content\/uploads\/2022\/04\/Cyber-war_shutterstock_2130738668.jpg",700,400,false],"1536x1536":["https:\/\/www.commercialriskonline.com\/wp-content\/uploads\/2022\/04\/Cyber-war_shutterstock_2130738668.jpg",700,400,false],"2048x2048":["https:\/\/www.commercialriskonline.com\/wp-content\/uploads\/2022\/04\/Cyber-war_shutterstock_2130738668.jpg",700,400,false],"image-publication":["https:\/\/www.commercialriskonline.com\/wp-content\/uploads\/2022\/04\/Cyber-war_shutterstock_2130738668-390x223.jpg",390,223,true],"image-publication-large":["https:\/\/www.commercialriskonline.com\/wp-content\/uploads\/2022\/04\/Cyber-war_shutterstock_2130738668-476x272.jpg",476,272,true],"jannah-image-small":["https:\/\/www.commercialriskonline.com\/wp-content\/uploads\/2022\/04\/Cyber-war_shutterstock_2130738668-220x150.jpg",220,150,true],"jannah-image-large":["https:\/\/www.commercialriskonline.com\/wp-content\/uploads\/2022\/04\/Cyber-war_shutterstock_2130738668-390x220.jpg",390,220,true],"jannah-image-post":["https:\/\/www.commercialriskonline.com\/wp-content\/uploads\/2022\/04\/Cyber-war_shutterstock_2130738668.jpg",700,400,false],"featured-2":["https:\/\/www.commercialriskonline.com\/wp-content\/uploads\/2022\/04\/Cyber-war_shutterstock_2130738668-530x340.jpg",530,340,true],"editors-pick":["https:\/\/www.commercialriskonline.com\/wp-content\/uploads\/2022\/04\/Cyber-war_shutterstock_2130738668-219x115.jpg",219,115,true],"archive-thumbnail":["https:\/\/www.commercialriskonline.com\/wp-content\/uploads\/2022\/04\/Cyber-war_shutterstock_2130738668-375x375.jpg",375,375,true],"mobile-thumbnail":["https:\/\/www.commercialriskonline.com\/wp-content\/uploads\/2022\/04\/Cyber-war_shutterstock_2130738668-375x300.jpg",375,300,true],"single-feature":["https:\/\/www.commercialriskonline.com\/wp-content\/uploads\/2022\/04\/Cyber-war_shutterstock_2130738668-700x400.jpg",700,400,true],"square-thumbnail-s":["https:\/\/www.commercialriskonline.com\/wp-content\/uploads\/2022\/04\/Cyber-war_shutterstock_2130738668-100x100.jpg",100,100,true]},"uagb_author_info":{"display_name":"Ben Norris","author_link":"https:\/\/www.commercialriskonline.com\/author\/ben-norris\/"},"uagb_comment_info":0,"uagb_excerpt":"Buyers are growing more concerned about moves by insurers to exclude cyberwar protection than the recent spate of cyber coverage litigation, a leading European cyber broker has told Commercial Risk. Last month, US food-manufacturer Mondelez agreed an out-of-court settlement with Zurich American Insurance, ending its coverage dispute over cyber losses &hellip;","_links":{"self":[{"href":"https:\/\/www.commercialriskonline.com\/wp-json\/wp\/v2\/posts\/96092"}],"collection":[{"href":"https:\/\/www.commercialriskonline.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.commercialriskonline.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.commercialriskonline.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.commercialriskonline.com\/wp-json\/wp\/v2\/comments?post=96092"}],"version-history":[{"count":1,"href":"https:\/\/www.commercialriskonline.com\/wp-json\/wp\/v2\/posts\/96092\/revisions"}],"predecessor-version":[{"id":96093,"href":"https:\/\/www.commercialriskonline.com\/wp-json\/wp\/v2\/posts\/96092\/revisions\/96093"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.commercialriskonline.com\/wp-json\/wp\/v2\/media\/89825"}],"wp:attachment":[{"href":"https:\/\/www.commercialriskonline.com\/wp-json\/wp\/v2\/media?parent=96092"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.commercialriskonline.com\/wp-json\/wp\/v2\/categories?post=96092"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.commercialriskonline.com\/wp-json\/wp\/v2\/tags?post=96092"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}