Cyber Incident Victim: Lloyd's of London

On October 5, 2022, Lloyd’s of London initiated an investigation into unusual activity detected on its network, prompting immediate precautionary measures. The commercial insurance marketplace disconnected all external connectivity, including its delegated authority platforms, and reset its network and systems. A company spokesperson confirmed these actions were taken to contain potential threats, though they declined to specify whether ransomware was involved or attribute responsibility to any actor. Lloyd’s informed market participants and relevant parties of the disruption but did not disclose technical details about the nature of the unusual activity or its operational scope. The incident occurred amid heightened scrutiny of Lloyd’s geopolitical stance, as the firm had publicly supported sanctions against Russia following its invasion of Ukraine earlier that year.

By October 10, Lloyd’s announced that cybersecurity firms Mandiant and NTT had completed their investigation, finding no evidence of network compromise. Systems were progressively restored with continued monitoring, with full service recovery anticipated by October 12. The company maintained its earlier position regarding cyber insurance exclusions for state-backed attacks linked to war or catastrophic damage—a policy announced in August 2022 and set to take effect in March 2023. This policy required underwriters to exclude coverage for attacks that impair state functions or security capabilities, citing systemic risks exceeding market capacity. Lloyd’s reported a £1.2 billion underwriting profit for the first half of 2022 in September, though no financial impacts from the October incident were disclosed. The investigation concluded without identifying attackers or confirming data breaches, restoring normal operations within one week of initial detection.