Lloyd’s of London advises businesses to “create and develop their own lists” of scenarios that might arise in terms of cyber attack.
Lexology reported on the advice from the insurer, passed on by lawyer Jonathan Reich of Womble, Carlyle, Sandridge and Rice LLP, in the form of a “market bulletin” earlier in November. The memo, while aimed at “syndicates which make up the Lloyd’s insurance market”, is also useful for “insight into how this insurance market leader believes its constituents should be approaching cyber insurance”.
Reich adds that the memo “can be applied to business owners and purchasers of cyber insurance as well”, stating that businesses should “create and develop their own lists of ‘plausible but extreme’ types of cyber-attack scenarios” along with lines of business that “may be affected”. He notes that “this is good advice for anyone purchasing cyber insurance” as it is “important for policyholders to understand what types of cyber attacks would most affect their business”.
In turn, the information is useful because it can help identify “the possible scope and scale of the attack”, as well as the “possible expense”, and with these details “a business can plan for what types and how much insurance to purchase”. Different types of attack include denial of service (DDoS), data theft or damage, reputational harm or physical damage, and economic damage “may differ” for each, with Reich concluding businesses “should be asking themselves” these questions when buying cyber insurance.