Sorry, we don’t cover cyberattacks

First, it was everyday flight cancellations. Now, insurers won’t cover cyberattacks.

What happened: Starting next year, Lloyd’s of London insurers (which includes Lloyd’s Canada) will no longer offer coverage for state-backed cyberattacks in their policies.

  • Claimants must also have a “robust process” for determining the source of attacks, which is easier said than done since the line between state-backed and ‘in support of’ is often blurry.  

Why it matters: Recent federal government reports have deemed that state-backed cyberattacks by hostile nations are the “greatest strategic threat to Canada”. Cyberattacks are also becoming more frequent and sophisticated than ever before. 

Why it’s happening: State-sponsored cyberattacks have cost Lloyd’s a lot of money—too much, in the end. The company noted that paying out these high-ticket damages also poses “systemic risk” to the broader insurance market.

  • Lloyd’s is the first insurer to unambiguously remove any such provisions, but other insurers are amending their cybersecurity policies after a ruling last year that entitled pharma giant Merck to collect a payout after a state-backed cyberattack. 

Bottom line: The federal government is working to step up Canada’s cybersecurity game by proactively committing new funding, but victims might lose some (financial) protections.