Insurers in discussions on adding state-backed cyber to UK reinsurance scheme


Insurers have held talks with the UK government over whether its terrorism reinsurance plan should protect state-backed cyber aggression amid increasing concern over holes in the safety net supplied by the private sector. Senior industry leaders have had initial talks with Treasury officers over whether Pool Re, created to transfer terrorism risks, could be extended to protect state-sponsored or war-related cyber aggression, according to people familiar with the matter. These events do not cover under standard insurance policies.

The people said that the Treasury, which completed a strategic review of Pool Re last year, has yet to take place on the issue. Pool Re lived set up in 1993 after underwriters, shocked by IRA bombing campaigns in the UK, pulled back from ensuring acts of terror. It shares bets with primary insurers, and though the insurance industry owns it, it can call on funding from the government in extreme events. It has so distant paid more than £600mn in suits for occasions reported by the government to be the work of terrorists and made up a near-£7bn investment fund. It has never called on the government agreement. Pool Re declined to comment.

The Treasury said it focuses on delivering the outcome of last year’s review, which recommended risk transfer off the public balance sheet and back to the market. “The study sets the strategic direction for the community over the reaching five years to provide the scheme delivers in the best curiosity of its partners, the government, taxpayers, and the wider economy,” the Treasury said. The surge in cyber attacks bringing increasing disruption to companies and infrastructure has raised fears among industry chiefs that the threat will become “uninsurable.” Lloyd’s of London announced last year that it would demand policies written in demand have an exemption for state-backed attacks. It warned that such failures “have the potential to exceed what the insurance market can absorb greatly.” But defining which episodes linked to state actors is difficult, leading to legal battles over what should be covered.

In 2021, pharma gathering Merck succeeded in a US court claim that an exclusion for war-related claims should not apply to its losses in the 2017 NotPetya malware attack, for which the UK has blamed Russia. Food group Mondelez settled with its insurer Zurich in a dispute over whether the NotPetya attack was a “warlike” action and thus excluded from its policy. Bruce Hepburn, a chief administrator at Mactavish, advises commercial insurance buyers, said opening Pool Re to cover state-backed cyber would be a “formula for massive arguments.”

Pool Re currently reinsures physical injury caused by terror raids with a cyber trigger, but not if they are state-backed. And it does not underwrite any financial failures or seizure of data from cyber assaults that are the primary focus of insurance policies. Hepburn added: “The government can determine whether an event was a terrorism event, and there are mechanisms for doing that. How in the hell do you decide it is a state-sponsored cyber attack?” Policymakers worldwide are grappling with the threat of cyber-attacks and the insurance industry’s ability to absorb costs. Last year, the US government called for views on whether a federal response to cyber warrants and whether its public-private terrorism insurance program should have a role. Lloyd’s welcomed the discussions in a statement, saying state-backed cyber attacks were at such a scale that “insurance and tech industries will need to work in partnership with governments to address these risks.”

Under this quick scheme, the government will act as a reinsurer to the work credit insurance industry, transferring the risk of losses arising from company insolvency with insurers, presented by the Association of British Insurers (ABI). Under this system, insurers will take 10% of shares that result from business failure, while the government will take 90% of the bonus and shares.
The reinsurance system “will substantially reduce the domino effect that payment defaults can make across the supply chain,” said Euler Hermes, the most prominent business credit insurer, which issued a statement welcoming the UK government’s reinsurance backstop.

The project will also provide that insurance buyers who experience temporary cash flow problems due to COVID-19 “do not meet an additional strain from the drop in supplier credit available to them,” said the insurer.
These measures will be known for nine months, backdated to April 1, 2020, and run until December 31, 2020, with the chance of an attachment. UK insurers have until June 15 to formally show that they wish to participate in the scheme, covering domestic and overseas trade with payment terms of up to two years.

“Through this milestone agreement, the public and personal sectors are uniting forces to support ‘UK plc’ by maintaining liquidity and trust in the intercompany commerce credit market. This will help our clients through this challenging period, help them to stay competitive, and allow them to take every opportunity to continue dealing with confidence as the UK economy appears from lockdown,” remarked Milo Bogaerts, chief director of Euler Hermes UK and Ireland.
Euler Hermes presented the scheme anticipated to cover 90% of B2B trade credit insurance trades for UK-domiciled businesses. To protect enterprises that the personal credit market cannot guarantee, the Treasury noted that export credit insurance is also open from UK Export Finance to cover exports to 180 countries.

About the author

Olivia Wilson
By Olivia Wilson


Get in touch

Content and images available on this website is supplied by contributors. As such we do not hold or accept liability for the content, views or references used. For any complaints please contact Use of this website signifies your agreement to our terms of use. We do our best to ensure that all information on the Website is accurate. If you find any inaccurate information on the Website please us know by sending an email to and we will correct it, where we agree, as soon as practicable. We do not accept liability for any user-generated or user submitted content – if there are any copyright violations please notify us at – any media used will be removed providing proof of content ownership can be provided. For any DMCA requests under the digital millennium copyright act
Please contact: with the subject DMCA Request.