Background
While LMA5469A was issued in October 2022, LMA5468A and LMA5470A were issued on 15 March 2023 (beware the Ides of March!). Since LMA5468A, LMA5469A and LMA5470A are similar to their LMA5468, LMA5469 and LMA5470 predecessors, I recommend reading the analysis of those endorsements separately since I have chosen not to reproduce it here.
In LMA Bulletin LMA22-034-SD, the LMA stated that the changes to LMA5469 made for LMA5469A were ‘to clarify that the limited write-back of cover to the exclusion is subject to all the terms, conditions and exclusions of the policy (and any attached endorsements)’. This statement, however, does not tell the full story since the changes amount to more than a ‘clarification’.
Changing how LMA5468A, LMA5469A and LMA5470A operate
For each of LMA5468A, LMA5469A and LMA5470A, the primacy clauses of their predecessors have been deleted:
‘This endorsement supersedes any other wording in the Policy or any endorsement thereto having a bearing on a Cyber Act, Cyber Incident or Data, and, if in conflict with such wording, replaces it’.
This change should be considered in conjunction with the change to the preamble for the exceptions in paragraph 2:
‘Subject to all the terms, conditions and exclusions contained in this Policy or any endorsement thereto…’
Taken together, these changes are significant because they mean that other exclusions in the policy or attached to the policy – including those relating to cyber or data risks – could operate alongside those of LMA5468A, LMA5469A or LMA5470A. And if any exclusion in the policy applies to an insured’s claim, the claim is excluded. As such, these changes increase the likelihood that an insured’s claim will be excluded.
Rather than ‘clarifying’ how the LMA5468A, LMA5469A or LMA5470A apply, it would be more accurate to say that the exceptions to the exclusions in the amended versions operate differently because they are also subject to the underlying policy’s other exclusions.
Other changes
Other changes introduced in LMA5468A, LMA5469A or LMA5470A are as follows:
- For LMA5469A and LMA5470A, the exceptions to the exclusions now appear in paragraph 2 (i.e. immediately after the exclusions of paragraph 1); and,
- The definition paragraphs are not numbered. As a result, the definition of ‘Cyber Incident’ has sub-clauses (a) and (b), which is inconsistent with the other sub-clauses of the wording which are numbered 1.1, 1.2, 2.1 and 2.2.
Summary of LMA5468A, LMA5469A and LMA5470A
| Exclusion | LMA5468A | LMA5469A | LMA5470A |
| Cyber Act: loss or damage in connection with unauthorised, malicious or criminal act involving access to or use of an electronic device | Excluded | Excluded | Excluded |
| Cyber Incident #1: loss or damage in connection with error or omission involving access to or use of an electronic device | Excluded | Excluded | Excluded |
| Cyber Incident #2: loss or damage in connection with the unavailability or failure to access or use an electronic device | Excluded | Excluded | Excluded |
| Any action taken in controlling, preventing, suppressing or remediating any Cyber Act or Cyber Incident | Excluded | Excluded | Excluded |
| Loss of use or reduction in functionality of Data | Excluded | Excluded | Excluded |
| Repair, replacement, restoration, reproduction of Data | Excluded | Excluded | Excluded |
| Loss or theft of Data | Excluded | Excluded | Excluded |
| Value of Data | Excluded | Excluded | Excluded |
| Exceptions | |||
| If arising out of a Cyber Incident, exceptions for: 1) third party bodily injury; and 2) physical damage to or destruction of third party property. | No such exception | Excepted | Excepted |
| If arising out of a Cyber Act, exceptions for: 1) third party bodily injury; and 2) physical damage to or destruction of third party property. | No such exception | No such exception | Excepted |