Lloyd's of London cuts off network after dodgy activity detected
Is it Putin? Is it the Norks? Is it a bored teenager? Roll the dice
Updated Lloyd's of London has cut off its IT systems and is probing a possible cyberattack against it after detecting worrisome network behavior this week.
"Lloyd's has detected unusual activity on its network and we are investigating the issue," a spokesperson told The Register on Thursday.
"As a precautionary measure, we are resetting the Lloyd's network and systems. All external connectivity has been turned off, including Lloyd's delegated authority platforms."
That's another way of saying its computers have been shut down and/or disconnected from the outside world.
The UK-based insurance marketplace, which is made up of about 80 insurance syndicates that underwrite risk, added: "We have informed market participants and relevant parties, and we will provide more information once our investigations have concluded."
Lloyd's spokesperson wouldn't be drawn on further immediate details regarding the security snafu, including whether any data was stolen, if it was a ransomware attack, and who was potentially behind the intrusion.
The insurance market has supported sanctions against Russia that aim to punish President Vladimir Putin for invading neighboring Ukraine. These include a UK and European Union ban on insuring ships carrying Russian oil.
Additionally, word of the weird Lloyd's network activity comes shortly after a warning from Kyiv that Russia plans to conduct "massive cyberattacks" on Ukraine and its allies' critical infrastructure and power grids.
The odd network traffic at the insurance souk follows several high-profile cyberattacks over the past couple months that hit a major US healthcare network, the Los Angeles Unified School District, Uber and Rockstar Games.
- Unhappy about excluding nation-state attacks from cyberinsurance? Get ready to pay
- Lloyd's to exclude certain nation-state attacks from cyber insurance policies
- Huge nonprofit hospital network suffers IT meltdown after 'security incident'
- Moody's turns up the heat on 'riskiest' sectors for cyberattacks
Even before detecting a possible IT intrusion, Lloyd's has been in the infosec headlines since late August after making changes to its policies that will soon prohibit its syndicates from covering losses arising from certain nation-state cyberattacks and those that happen during wars.
In a memo sent to its syndicates, underwriting director Tony Chaudhry said Lloyd's remains "strongly supportive" of cyberattack coverage. However, as these threats continue to grow, they may "expose the market to systemic risks that syndicates could struggle to manage," he added [PDF], noting that nation-state-sponsored attacks are particularly costly to insure.
According to Lloyd's 2021 annual report, it took in £39.2 billion ($45 billion) in gross written premiums and took in £2.3 billion ($2 billion) in profit before tax. ®
Updated to add on October 10
A spokesperson for Lloyd's has been in touch to say it took some systems offline last week, and should be back to normal operations from October 12:
Last week, unusual activity was detected on the Lloyd's network. As a result, the proactive decision was made to take some systems offline and perform a cyber security investigation. This was led by a dedicated team and two specialist partners, Mandiant and NTT.
The investigation has concluded that no evidence of any compromise was found and as such Lloyd's has been advised that its network services can now be restored.
We continue to work with our partners to monitor the IT environment as we restore services to the market, which we currently anticipate to complete by Wednesday 12 October.