Lloyd’s nation state cyber mandate a ‘PR disaster’ – CFC CEO

The release of Lloyd’s nation state cyber mandate in August turned into a “PR disaster” after a barrage of negative coverage and the insurance industry needs to learn communication lessons, the CEO of the management of general agent (MGA) CFC, with Lloyd’s syndicate, said.

“It was a complete PR disaster, it killed me,” Newman said in response to a question posed by Insurance Business at the 2023 CFC Summit in Chicago on May 18, 2023.

Newman labeled the explosion that erupted from the mandate as a “horrible panic”, probably fueled by the conflict that erupted in Europe at the start of the war in Ukraine with Russia, despite the clauses and intentions of working with Lloyd’s Market Association for three years.

Last year, Lloyd’s unveiled proposed model clauses and an order, effective from the end of March 2023, for its participants to exclude certain state-sponsored attacks and losses in country emerging from a war, arouses broker and client fear and confusion and consequences. in a wave of what was described during the CFC event as negative headlines.

“I’ve never seen worse communication in my life,” Newman said of the order’s aftermath. “I would say in the insurance industry we’re not good at PR, and I think that’s something we need to work on.

“Absolutely as insurers, we have to endure many sins for getting the right message.”

Countering the “digital equivalent of a nuclear strike” – CFC underwriter of Lloyd’s cyber mandate

Newman’s comments came during a Q&A session at MGA’s US broker event and followed a presentation from CFC corporate cyber senior underwriter Beth Granger in which hundreds of attendees heard the changes were not a knee-jerk reaction. reaction or bid to close the walls completely in the country supported by the state. cyberattacks, rather a response to ongoing incidents since 2014 in which Russia has targeted infrastructure in Ukraine. Such attacks highlight what can be possible when cyberwarfare is used to cripple nations.

In a bid to face the specter of systemic cyber risk, the clauses established by lawyers for Lloyd’s participants and the subsequent mandate is a bid to ensure that carriers “exclude losses of actors in the nation state that the environmental disaster is so severe that they destroy the ability of a nation to function”, said Granger.

In layman’s terms, Granger said, it should be the “digital equivalent of a nuclear strike”, an event so large that it cannot be covered by any standard insurance policy.

The cyber underwriter pointed to “dozens of negative headlines” arising from the changes.

“Let’s be very clear, cyber insurers will continue to cover attacks on the nation state as they have done for decades,” Granger said. “It’s important to clarify that this is not a new exemption – we’re just changing the language and upgrading it and bringing it into the modern world.

“It’s a shame to see a change in our market that is fundamentally positive for policyholders being portrayed as negative because it’s essentially been misrepresented in the press and there’s a lot of confusion in our market.”

Cyber ​​remains “a priority area” for compliance with Lloyd’s order, the corporation said

Lloyd’s declined to comment specifically on what was said about the communication on the CFC affair; however, a Lloyd’s spokesperson said that cyber “remains a priority area for Lloyd’s and we will continue to take a pragmatic and innovative approach to support cyber growth at Lloyd’s.”

“The advisory guidance issued in August 2022 ensures that we are responsible for risk management for customers – including potential systemic risks – while approaching this complex field with the expertise and diligence it requires,” said the spokesperson. “Our response ensures that we maintain an adequate capital market for manageable events, while providing clarity for customers on emerging political risks.”

The spokesperson said that rather than applying a “one size fits all” approach, the updated guidance is intended to encourage regulatory agents to “identify and apply appropriate due diligence in the specific complexities surrounding state-sponsored cyberattacks, with potential systemic risks for. customers and our market.”
The spokesman reaffirmed Lloyd’s commitment to the changes, and said the corporation was “not concerned with this decision”.

“This is not a blanket separation but a diversification of risks in a rapidly maturing insurance area,” the spokesperson said. “There are several teams of underwriters working to develop Lloyd’s Lab products to satisfy the need for this cover while managing risk with appropriate capital and pricing to reflect volatility.”