Lloyd’s Bulletin on Cyberinsurance Exclusions Raises Thorny Issue of Attribution in Cyber Attacks – A Pasich Attorney Discusses with Bloomberg Law & Law360
In a bulletin issued August 16, 2022, by Lloyd’s of London said that it will be requiring its syndicates to include exclusions in all standalone cyber policies for state-backed cyberattacks. In interviews with Law360 and Bloomberg Law, a Pasich attorney discussed the challenges in attributing cyber events to a particular country.
“National governments rarely openly attribute a hack to another country and act in a more strategically ambiguous manner to avoid political pressure to respond,” they told Bloomberg Law.
When speaking with Law360, he noted there’s also the issue of ‘false attribution,’ citing the example of Ukrainians who aren't affiliated with the Ukraine government but have launched effective cyberattacks against Russian infrastructure.
They added: “It might seem like it’s coming from the government when in reality it’s just a patriotic citizen who happens to know their way around computers. That type of attack seemingly wouldn't be excluded under the new standards set by Lloyd’s, but it’s another instance where attribution is hard to pin down.”