| Link to Clause |
Notes |
Clause Type (per Lloyd's Attestation Letter) |
| LMA5564A, LMA5564B |
- The lack of attribution in the 'B' version means that, in order for managing agents to be compliant, they will need to articulate to Lloyd's how they expect attribution to be addressed.
|
Type 1 |
| LMA5565A, LMA5565B, LMA5566A, LMA5566B |
- The lack of attribution in the 'B' version means that, in order for managing agents to be compliant, they will need to articulate to Lloyd's how they expect attribution to be addressed.
|
Type 2 |
| LMA5567A, LMA5567B |
- The lack of attribution in the 'B' version means that, in order for managing agents to be compliant, they will need to articulate to Lloyd's how they expect attribution to be addressed.
|
Type 3 |
| LMA5567 - Variant |
None |
Type 3 |
| LMA5567A - Variant (Hamilton) |
None |
Type 2 |
| LMA5567B - Variant |
- The lack of attribution means that, in order for managing agents to be compliant, they will need to articulate to Lloyd’s how they expect attribution to be addressed.
- The definition of impacted state is drafted such that the cyber operation causing an impacted state exclusion (clause 1.3) is not triggered where the cyber operation solely impacts the insured. We understand that Lloyd’s will seek to understand the underwriting controls managing agents have in place when providing such coverage.
|
Type 3 |
Cyber ERM Policy (US) - Chubb
|
- The assessment of compliance has been based on usage of the ERM Policy (US or International) with the ERM General Amendatory Endorsement applied to the US wording (noting the provisions of that endorsement are included in the International wording).
- When a managing agent elects to use the Widespread Event Endorsement, we would encourage them to monitor and manage the limits offered. We understand that Lloyd’s will seek to understand the underwriting controls managing agents have in place when providing such coverage.
|
Type 5
|
| Cyber ERM Policy (international) - Chubb |
| Cyber ERM General Amendatory Endorsement – Chubb |
| Cyber ERM Widespread Event Endorsement (US)- Chubb |
| Cyber ERM Widespread Event Endorsement (International) - Chubb |
| LMA5567A – Variant (Stream) |
- The writeback for cyber operations that cause a state to become and impacted state includes those cyber operations which only impact a single entity.
|
Type 3 |
| War and Cyber War Exclusion - Beazley |
- The lack of attribution means that, in order for managing agents to be compliant, they will need to articulate to Lloyd’s how they expect attribution to be addressed.
|
Type 3 |
| War and State Cyber Operation Exclusion - AIG |
None |
Type 3 |
| War and State Cyber Operation Exclusion (no carveback) - AIG |
None |
Type 2 |
War & Cyber Operation Exclusion - Marsh
|
- The lack of attribution means that, in order for managing agents to be compliant, they will need to articulate to Lloyd’s how they expect attribution to be addressed.
- This clause includes a writeback for losses incurred following a cyber operation as part of a war, where such losses are located outside a sovereign state that is party to that war. When a managing agent elects to provide this coverage, we would encourage them to monitor and manage the limits offered. We understand that Lloyd’s will seek to understand the underwriting controls managing agents have in place when providing such coverage.
- The definition of impacted state is drafted such that the cyber operation causing an impacted state exclusion (clause 1.3) is not triggered where the cyber operation solely impacts the insured or any one essential services provider. We understand that Lloyd’s will seek to understand the underwriting controls managing agents have in place when providing such coverage.
|
Type 4 |
| War Exclusion - Arch |
None |
Type 3 |
| CyberAcuView Base Policy |
- The assessment of compliance has been based on the usage of the CyberAcuView Base Policy with Extension No. 21 - War and Extension No. 6 - Infrastructure Exclusion. The addition of Extension No. 20 - Widespread Event where used as an exclusion further addresses REQUIRMENT B.
- When a managing agent elects to use Extension No. 20 - Widespread Event as a coverage grant, we would encourage them to monitor and manage the limits offered. We understand that Lloyd's will seek to understand the underwriting controls managing agents have in place when providing such coverage.
|
Type 5
|
| CyberAcuView Extension No. 6 - Infrastructure |
| CyberAcuView Extension No. 20 - Widespread Event |
| CyberAcuView Extension No.21 - War |
|
War Exclusion - Mosaic
|
- The lack of attribution means that, in order for managing agents to be compliant, they will need to articulate to Lloyd’s how they expect attribution to be addressed.
|
Type 3 |
| War, Cyber Operations, Terrorism and Civil Disturbance Exclusion - TMHCC |
- Certain terms (Circumstance, Insurer, Insured, Loss, Reported, Cyber Attack, Cyber Event, IT Response Team) are contained in the Cyber Security Insurance policy document and therefore this clause is only compliant with Lloyd's Requirement E (ensure all key terms are clearly defined) when attached to that policy or when a definition of such terms is added to the clause.
|
Type 2 |
War, Cyber Operations, Terrorism and Civil Disturbance Exclusion (with carveback) - TMHCC
|
- Certain terms (Circumstance, Insurer, Insured, Loss, Reported, Cyber Attack, Cyber Event, IT Response Team) are contained in the Cyber Security Insurance policy document and therefore this clause is only compliant with Lloyd's Requirement E (ensure all key terms are clearly defined) when attached to that policy or when a definition of such terms is added to the clause.
|
Type 3 |
| Trium War Exclusion |
None |
Type 3 |
| War Exclusion 23-01 - AIG |
- The lack of attribution means that, in order for managing agents to be compliant, they will need to articulate to Lloyd’s how they expect attribution to be addressed.
- The definition of impacted state is drafted such that the cyber operation causing an impacted state exclusion (clause 1.3) is not triggered where the cyber operation solely impacts the insured. We understand that Lloyd’s will seek to understand the underwriting controls managing agents have in place when providing such coverage
|
Type 3 |
| War Exclusion 23-02 - AIG |
- The definition of impacted state is drafted such that the cyber operation causing an impacted state exclusion (clause 1.3) is not triggered where the cyber operation solely impacts the insured. We understand that Lloyd’s will seek to understand the underwriting controls managing agents have in place when providing such coverage
|
Type 3 |
| War Exclusion 23-03 - AIG |
- The lack of attribution means that, in order for managing agents to be compliant, they will need to articulate to Lloyd’s how they expect attribution to be addressed.
- The definition of impacted state is drafted such that the cyber operation causing an impacted state exclusion (clause 1.3) is not triggered where the cyber operation solely impacts the insured. We understand that Lloyd’s will seek to understand the underwriting controls managing agents have in place when providing such coverage
|
Type 3 |
| AON War and Cyber Operation Exclusion (Aon Amended A) |
None |
Type 3 |
| AON War and Cyber Operation Exclusion (Aon Amended B) |
None |
Type 3 |
WTW Type 5 (AcuView)
(war exclusion with extensions)
|
- The assessment of compliance has been based on the usage of the WTW War Exclusion Endorsement with ‘Extension No. 1 – Attribution of a Cyber Operation’ (where the original policy does not contain attribution language) and ‘Extension No.2 – Infrastructure Exclusion’ (to be used where the original policy does not contain an exclusion that meets the Lloyd’s requirement to exclude ‘significant impairment losses’ or contains an infrastructure exclusion that is narrower than Extension No.2).
- When managing agents elect to use this exclusion, we would encourage them to monitor and manage the limits offered. We understand that Lloyd's will seek to understand the underwriting controls managing agents have in place.
|
Type 5 |
| WTW War Exclusion Endorsement |
| Extension No.1 – Attribution of a Cyber Operation |
| Extension No.2 – Infrastructure Exclusion |
| Zurich War or Cyber Operation Excluded Endorsements (U-SPR-1305-A CW (09/23)) (US) |
- The lack of attribution means that, in order for managing agents to be compliant, they will need to articulate to Lloyd's how they expect attribution to be addressed.
|
Type 3 |
| Zurich War or Cyber Operation Excluded Endorsements (U-ZPRO-804-A CW (09/23)) (US) |
- The lack of attribution means that, in order for managing agents to be compliant, they will need to articulate to Lloyd's how they expect attribution to be addressed.
|
Type 3 |
| Zurich Version A (Global) |
None. |
Type 3 |
| Zurich Version B (Global) |
- The lack of attribution in the 'B' version means that, in order for managing agents to be compliant, they will need to articulate to Lloyd's how they expect attribution to be addressed.
|
Type 3 |
| Zurich Version C (Global) |
- The definition of Cyberwarfare is drafted such that the Cyberwarfare exclusion (clause II.1.C) is not triggered where the use of a Computer System by a Nation-State solely impacts the insured. We understand that Lloyd’s will seek to understand the underwriting controls managing agents have in place when providing such coverage.
|
Type 3 |
AXA XL Cyber War Exclusion
AXA XL Infrastructure Exclusion
|
- The assessment of compliance is based on the use of AXA XL Cyber War Exclusion with the AXA XL Infrastructure Failure Exclusion.
|
Type 5 |