Lloyd’s of London is investigating a potential cyberattack on its network. The insurance market says it has detected “unusual activity” on its systems, and has turned off all external connectivity.
A spokesperson for the company told Tech Monitor: “Lloyd’s has detected unusual activity on its network and we are investigating the issue. As a precautionary measure, we are resetting the Lloyd’s network and systems. All external connectivity has been turned off, including Lloyd’s delegated authority platforms.
“We have informed market participants and relevant parties, and we will provide more information once our investigations have concluded.”
The spokesperson did not comment on whether or not it has been contacted by hackers, or if a ransom demand has been issued, but Lloyd’s has been closely involved with the design and implementation of sanctions imposed on Russia in response to its invasion of Ukraine, which may have put it in the crosshairs of Russian hackers.
Many Russian-speaking ransomware gangs have been active in their support of Vladimir Putin’s regime. In August the NHS 111 service was hit by a cyberattack that knocked out its systems for more than 24 hours. The attack coincided with then prime minister Boris Johnson’s visit to Ukraine to meet Volodymyr Zelensky.
Lloyd’s cyberattack and the campaign against insurers
Insurance providers, particularly those that offer cyber insurance, are a popular target for criminals. Some have even sought to hack cyber insurance databases to ensure that they can demand the entire premium as ransom.
This has led to insurance premiums increasing in price and, in some cases, becoming harder to obtain. French insurance company Axa announced that it would not fulfil any further cyber insurance claims last year, and was itself hit by a cyberattack days later.
A member of the REvil ransomware gang dubbed insurance premiums one of the “tastiest morsels” in an interview with security company Recorded Future. Gangs “hack the insurers first – to get their customer base and work in a targeted way from there,” the unnamed cybercriminal said. “After that, you go through the list, then hit the insurer themselves.”
Lloyd’s, which reported an underwriting profit of £1.2bn for the first half of 2022 has been at the forefront of drafting new cyber insurance clauses. It has instructed its 76 insurance syndicates to remove “nation-state-backed cyberattacks” from insurance policies by March 2023. Losses “arising from a war,” as well as from state-backed cyber attacks, that, “significantly impair the ability of a state to function,” must also be excluded from policies.
Lloyd’s underwriting director Tony Chaudhry said at the time that though the organisation remains supportive of businesses suffering ransomware attacks, the growing size and scale of the threat could “expose the market to systemic risks that syndicates could struggle to manage”.