US excess casualty cyber clauses

Following Lloyd’s Bulletin Y5258 that confirmed a number of Lloyd’s requirements for clarity regarding US general liability policies in respect of cyber clauses, the LMA has conducted a review of sample clauses that have been submitted for consideration.

The LMA is not providing advice as to whether any of these clauses will be effective as an exclusion or the extent to which it will provide coverage or the extent to which it will apply to any particular set of facts. This will amongst other things depend upon the applicable law and jurisdiction and also the dispute resolution mechanism selected. It is for underwriters to decide whether or not any contractual language is acceptable on any given risk. If in doubt, Underwriters should take their own legal advice to satisfy themselves that the clause is appropriate.

Following this review, the LMA can confirm which carriers’ clauses are compliant with the Lloyd’s requirements set out in the bulletin. Underwriters should therefore be able to use or follow knowing that the cyber language is compliant with the Lloyd’s requirements.

Clause

Exclusion – Access or disclosure of confidential or personal information and data related liability (CG – 21 07 05 14)

Exclusion – Access or disclosure of confidential or personally identifiable information and data related liability exclusion (CUU 669 0320)

Exclusion – Access or disclosure of confidential or personally identifiable information and data related liability exclusion with redefined bodily injury and property damage exceptions (CUU 674 0320)

Access, collection and disclosure of information exclusion - limited bodily injury and property damage coverage for commercial umbrella liability policy

Exclusion Access and Disclosure Everest Re

Berkshire Access and Disclosure