Lloyd's of London, the leading insurance marketplace provider worldwide, has issued a memo notifying insurance firms to exempt coverage for losses from state-sponsored cyberattacks and acts of war beginning next March, according to SiliconAngle.
"The ability of hostile actors to easily disseminate an attack, the ability for harmful code to spread and the critical dependency that societies have on their IT infrastructure, including to operate physical assets, means that losses have the potential to greatly exceed what the insurance market is able to absorb," said Lloyd's in the memo.
Increasing cyberattacks amid the war between Russia and Ukraine have prompted Lloyd's to come to the decision, which comforte AG Cybersecurity Expert Erfan Shadabi said should prompt organizations not to depend on insurance coverage alone for cyber threat mitigation.
Meanwhile, Contrast Security Chief Information Security Officer David Lindner said that enforcing the exclusions may present challenges for Lloyd's.
"Based on their bulletin, it would require the attacked company to declare it a nation-state event which would not work very well. It begs the following questions to be asked: At what point is it a nation-state directly attacking the covered organization and who makes that determination?" Lindner added.
Change Healthcare attack linked to state-backed threat actors Major U.S. healthcare revenue and payment cycle management provider Change Healthcare was noted by its parent firm UnitedHealth Group to have been targeted by suspected state-sponsored threat actors in a cyberattack on Feb. 20, TechCrunch reports.