Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Video

Courts May Decide If Lloyd's Must Cover Nation-State Attacks

Expect Legal Wrangling and Attribution Questions, Says Cordery's Jonathan Armstrong
Jonathan Armstrong, partner, Cordery

Insurance market giant Lloyd's of London has announced that beginning in March 2023, its cyber insurance policies will no longer cover state-sponsored cyberattacks.

See Also: Strengthening Microsoft 365 with Human-centric Security

But attack attribution often being more art than science, will Lloyd's be able to deny claims based on, for example, the technical footprint of the attacker? Expect the answer to be decided in court, predicts Jonathan Armstrong, a partner at London-based law firm Cordery.

"We won't know until we know how the courts are going to interpret these clauses, and that might be four or five years down the line," he says. "One thing we will see is that insurers aren't equal. We have seen from the cases that we've been involved with some good insurers who will stand shoulder to shoulder with clients in a crisis and some other insurers who don't."

Key challenges facing organizations, including their CISOs, will be finding policies with the right coverage and balancing premiums costs with their security investments, he says.

In this video interview with Information Security Media Group, Armstrong discusses:

  • The challenge of attributing online attacks;
  • The role of cyber insurance in mitigating business risk;
  • Why cyber insurance is no substitute for proper policies, practices and procedures.

Armstrong is an experienced lawyer with a concentration on technology, risk and compliance. He has handled legal matters in more than 60 countries involving emerging technology, corporate governance, ethics code implementation, reputation, internal investigations, marketing, branding and global privacy policies. Armstrong co-authored the LexisNexis technology law publication, "Managing Risk: Technology & Communications."

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.