Bank of America has expressed its concerns over Lloyd’s recent policy decision to exclude cyber insurance coverage for large corporations hit by cyber attacks funded by adversary states. The decision to exclude such attacks from standard insurance policies is tentative, but the London-based insurance firm is sure that recent developments, such as the 2017 NotPetya attack on the NHS, have made it think twice about including the costs incurred through such incidents under general cyber insurance coverage.
It is still unclear whether the company plans to introduce a separate insurance cover with a title tag and an extra premium to bring such attacks under special cover. As of now, it offers a standard policy under which a company needs to follow all security procedures to be covered under the attack. However, if the attack seems to be motivated by retaliation or ideology, the costs incurred will not be covered in the marketplace.
State-funded attacks are those that are ideologically motivated and not financial. To date, China, Russia, and North Korea have launched such digital invasions either to create political rifts, concerns among the populace (such as the Moscow invasion of Ukraine), espionage, or to steal funds to fulfill nuclear ambitions.
Excluding such invasions might trigger backlash from customers. However, if the financial services offering firm offers clarity, it can face a win-win situation, as any state-backed attacks can bring partial or complete impairment to state infrastructure, leading to a cyber war, with an exclusion mentioned in the cyber policy cover in the fine print.