Securities and the ISR Policy

May 15, 2026 by Stephen Tomlinson

Overview

This article considers the tangibility of securities and how securities are treated under the ISR policy. “Dematerialisation” and “immobilisation” have changed the nature of securities, yet the ISR policy and the attitudes of many insurance professionals have not evolved. There are clear problems with insuring securities under the ISR policy and an equally clear solution: the Crime policy.

Tangible property and basis of settlement clause (e)

The definition of Property Insured in the Mk.IV Modified ISR policy requires property to be “tangible”, though this requirement is strangely absent from the Mk.IV Advisory ISR. Furthermore, in the Mk.IV Modified ISR, basis of settlement clause (e) is as follows:

(e) On computer systems records, documents, manuscripts, securities, deeds, specifications, plans, drawings, designs, business books and other records of every description:
The cost of repairing, replacing, reproducing or restoring same, including information contained therein or thereon but excluding the value to the Insured of the said information or, if repair, replacement, reproduction or restoration is not carried out with reasonable despatch, the replacement cost of materials as blank stationary at the time and place of the damage.

There are two obvious problems with this provision:

there is cover for computer systems records, i.e. data. Since data is not tangible property, cover for computer systems records conflicts with the requirement that Property Insured be tangible; and
there is cover for “securities”. Like data, a security is intangible property: it is an interest in property such as a stock or bond. That interest may be recorded in a document such as a certificate. But since basis of settlement clause (e) excludes “the value to the Insured of the said information”, the policy does not intend to indemnify the insured for the loss of the value of the securities themselves. Rather, the policy covers the physical certificate which evidences ownership of the securities. The policy would therefore be clearer if “securities” was replaced with “certificates of securities”, something which is addressed in the SECURXS4 endorsement.

The SECURXS4 endorsement

A common endorsement for ISR policies is the SECURXS4 Securities endorsement which removes “securities” from basis of settlement clause (e) and provides its own basis of settlement for “Securities”:

SECURXS4 Securities
Basis of Settlement (e) is amended by deleting the word “securities”. In the case of Securities (which shall mean certificates of stock, bonds, coupons and all other types of securities), the basis of valuation shall be:
(a) if, with the approval of the Insurer(s), the Securities can be replaced, the cost of replacement paid or payable by the Insured; or
(b) if the Securities cannot or are not to be replaced by the Insured, the greater of:
(i) the price for which the Insured purchased them, and
(ii) the closing market value on the last business day prior to the date of discovery by the Insured of the loss or destruction of the Securities or, if the time of discovery by the Insured is after the close of the market, their closing market value on the day of discovery by the Insured of the loss or destruction of the Securities.
(c) in the case of a loss of subscription, conversion or redemption privileges through the loss of any Security, the value of such privileges immediately preceding the expiration thereof,
such valuation being in the currency in which the loss was sustained. Losses sustained in currencies other than Australian dollars shall be settled by converting the amount of loss to Australian dollars at the market rate as set by the Reserve Bank of Australia at the time of settlement of the loss or such other rates as may be expressly agreed with the Insurer(s). If there is no market price or value on the relevant day stated herein, then the value shall be agreed between the Insured and the Insurer(s) or, in default thereof, the Insured and the Insurer(s) shall submit to arbitration and be bound by the decision of the Umpire.

The SECURXS4 endorsement refers to “certificates of stock, bonds, coupons and all other types of securities” [emphasis added]. Here, the words “certificates of” apply to “all other types of securities”, such that “damage” (i.e. physical loss, damage or destruction) of a certificate is required for indemnity.

Since the SECURXS4 endorsement indemnifies the insured for the cost of replacement (or alternatives based on the value of the securities), rather than the cost of replacing the certificate, there is – prima facie – greater cover for the insured and exposure for the insurer.

The NEGINXB4 endorsement

Relatedly, the NEGINXB4 endorsement is as follows:

NEGINXB4 Money – Extended Definition
The definition of Money extends to include travellers cheques, securities and negotiable instruments.

The NEGINXB4 endorsement presents its own problems because it is not explicit whether:

securities and negotiable instruments are covered; or
certificates of securities and certificates of negotiable instruments are covered.

The NEGINXB4 endorsement has been cited as relevant to the theft of certificates of securities, with the September 1986 theft from the Hospital Superannuation Board office in Hawthorn (a suburb of Melbourne) used as an example. There, thieves stole “Aussie Mac” bonds which had a face value of $3,000,000. These bonds were “bearer bonds”, i.e. negotiable instruments that could be redeemed through banks or brokers, and could not be cancelled.

1986, however, was a different time and things have changed…

Is anybody still holding certificates of securities?

In modern times, the vast majority of securities have been:

“dematerialised”, i.e. they exist only as electronic records; or
“immobilised”, i.e. physical certificates (where they exist) are held in a central vault, with ownership transferred electronically.

To the extent that physical certificates are still used, securities exchanges in advanced economies are implementing dematerialisation to reduce costs, reduce risk and provide shorter settlement periods.

It is not uncommon for ISR policies to have the SECURXS4 endorsement and a sub-limit in the Schedule against “Securities”. But for the vast majority of insureds, that endorsement and its sub-limit won’t achieve anything because the insured doesn’t hold physical certificates of securities.

In Australia in 2026, certificates of securities are only likely to exist for:

physical share certificates issued by unlisted companies and private equity that are not part of a centralised registry; and
promissory notes or commercial paper, i.e. physical documents that may be issued for private debt transactions.

The problems with insuring securities under an ISR

From an insurer’s perspective, cover for certificates of securities is problematic because:

certificates of securities are highly liquid and portable. This makes them susceptible to theft and disappearance in ways that other tangible property (e.g. buildings, machinery) is not; and
under the SECURXS4 endorsement, the basis of settlement is:
1. the replacement cost; or
2. the closing market value.

For the securities identified above (i.e. those of unlisted companies, promissory notes and commercial paper), these securities are not traded such that the insured and insurer would need to agree a value. For many securities, this will not be straightforward. If the insured and insurer cannot agree, then the SECURXS4 endorsement provides for arbitration. But arbitration provisions are void under section 43 of the Insurance Contracts Act 1984 (Cth).

From an insured’s perspective, cover for securities is significantly restricted by Perils Exclusion 7(a)(i) which excludes physical loss, destruction or damage occasioned by or happening through:

“fraudulent or dishonest acts, fraudulent misappropriation, embezzlement, forgery, counterfeiting data corruption, unauthorised amendment of data and erasure by electronic or non electronic means involving the Property Insured by the Insured or any employee(s) of the Insured acting alone or in collusion with any other person(s)”.

These are likely the greatest risks for securities, followed by these acts being perpetrated by parties without a connection to the Insured or its employees.

Conclusion

Given dematerialisation, immobilisation, the nature of securities, the limitations of the SECURXS4 endorsement and Perils Exclusion 7(a)(i), securities should not be covered under ISR policies. Rather, securities should be insured under a Crime insurance policy. Crime policies address the most significant risks to securities, such as theft, disappearance, forgery and fraudulent transfer, both by employees of the insured and third parties. Furthermore, Crime policies can cover securities against physical perils, though insureds should review the terms of the policy to understand the cover.

In 2026 and beyond, there is no good reason for insureds (or their brokers) to continue covering securities under an ISR policy. If the ISR policy is to evolve in the 21st century, removing cover for securities so that such property can be appropriately insured under a Crime policy would be but one step among many.

Not all ISR sub-limits are equal (or “cumulative”)

March 13, 2026 by Stephen Tomlinson

Introduction

The Mk.IV ISR policy is not explicit about how its Limit of Liability and Sub-Limits of Liability (collectively, “limits”) apply. Like many aspects of the Mk.IV ISR policy, an understanding of how limits apply is often acquired through experience. This article, however, uses examples to show how limits should apply.

A Mk.IV ISR example: Premises in the Vicinity (Prevention of Access)

Let’s say:

damage occurs to property in the vicinity of the insured location (the “Premises”);
damage from that peril is insured under the policy, if such damage occurred to Property Insured;
the damage prevents access to the Premises; and
there is interruption with the Business in consequence of the damage.

Under the “Premises in the Vicinity (Prevention of Access)” memorandum, these circumstances are “deemed to be loss resulting from Damage to property used by the Insured at the Premises”, which enables the insured to claim business interruption loss under The Indemnity in “Section 2 – Consequential Loss”. That indemnity is subject to the “limitation on the Insurer(s) liability” and the amount of loss is calculated “in accordance with the applicable Basis of Settlement”. Accurate use of singulars and plurals is not a strength of the Mk.IV ISR, since the applicable Bases of Settlement could be:

Loss of Gross Profits;
Claim Preparation Costs;
Pay-Roll; and
Additional Increase in Cost of Working.

So, what is the “limitation on the Insurer(s) liability”? Well, let’s say the policy has the following Sub-Limits of Liability:

Premises in the Vicinity (Prevention of Access): $250,000;
Claim Preparation Costs: $1,000,000; and
Additional Increase in Cost of Working: $1,000,000.

While Loss of Gross Profits and Pay-Roll (assuming Pay-Roll is insured separately) would have declared values, they do not have Sub-Limits of Liability.

If Loss of Gross Profits and Pay-Roll were claimed up to their declared values as a result of a Premises in the Vicinity (Prevention of Access) claim, it would render the Sub-Limit of Liability for Premises in the Vicinity (Prevention of Access) meaningless. Clearly, the Sub-Limit of Liability for Premises in the Vicinity (Prevention of Access) must be an overarching limit – “the limitation on the Insurer(s) liability” – and amounts payable under the other bases of settlement must fall within both their own Sub-Limits of Liability (if any) and that “limitation”.

There is no rational basis to claim that the Sub-Limits of Liability for Claim Preparation Costs and Additional Increase in Cost of Working should not be subject to the Sub-Limit of Liability for Premises in the Vicinity (Prevention of Access). The purpose of a Sub-Limit of Liability is to limit the insurer’s exposure, and this purpose is defeated if the insurer’s exposure is not $250,000, but potentially $2,250,000. Consider the amounts of the Sub-Limits of Liability: in this example (from a real policy), the Additional Increase in Cost of Working Sub-Limit is four times that of Premises in the Vicinity (Prevention of Access). Again, the purpose of the Sub-Limit of Liability on Premises in the Vicinity (Prevention of Access) is defeated if the Loss of Gross Profits and Pay-Roll components of the claim were limited to $250,000, but the insured could claim up to $1,000,000 for each of Claim Preparation Costs and Additional Increase in Cost of Working.

From the paragraph above, it is clear that “the limitation on the Insurer(s) liability” – as referred to in The Indemnity in “Section 2 – Consequential Loss” can be a Limit of Liability or a Sub-Limit of Liability. Since the same words, i.e. “the limitation on the Insurer(s) liability”, are used in The Indemnity in Section 1, it can be safely concluded that the same applies there.

Another Mk.IV ISR example: Flood

Let’s consider another example where a Policy has the following Sub-Limits of Liability. For Section 1:

Removal of Debris: no sub-limit;
Landscaping: $250,000;
Extra Cost of Reinstatement: $1,000,000;
Additional Extra Cost of Reinstatement: $500,000;
Expediting Costs: $50,000; and
Liability to Make Enquiries: $250,000.

For Section 2:

Claim Preparation Costs: $1,000,000; and
Additional Increase in Cost of Working: $1,000,000.

And for Sections 1 and 2 combined:

Flood: $10,000,000.

Now, let’s say Property Insured at the Premises is damaged by Flood, and that the total amount of the damage and resultant business interruption is $20,000,000.

The previous example established that “the limitation on the Insurer(s) liability” can be a Limit of Liability or a Sub-Limit of Liability and, if a Sub-Limit of Liability, such limit is an overarching limit within which other Sub-Limits of Liability operate. Given this, it should be clear that the insurer’s liability is limited to the Sub-Limit of Liability against Flood, i.e. $10,000,000. It would defy logic to claim that the Sub-Limits should apply cumulatively (i.e. “stacking of sub-limits”) and that the insurer’s liability (assuming all other limits could be exhausted) should be $14,050,000, i.e. $10,000,000 plus $250,000 plus $1,000,000 plus $500,000 plus $50,000 plus $250,000 plus $1,000,000 plus $1,000,000. If the limits could stack, perversely, the insured would be disadvantaged by not having a sub-limit for Removal of Debris.

The Mk.V ISR

In the Mk.V ISR, its definition for Limit of Liability includes the following: “If more than one Limit or Sub-Limit of Liability applies, the lesser amount shall be payable”. This was intended to clarify the position in the Mk.IV ISR where “the limitation on the Insurer(s) liability” for a loss could be a Limit of Liability or a Sub-Limit of Liability. Unfortunately, the Mk.V ISR wasn’t clear about when a Limit or Sub-Limit of Liability would “apply” as an over-arching limit. Because if there is not a Sub-Limit of Liability applying as an overarching limit, then the Sub-Limits of Liability in the policy will apply cumulatively (as, for example, in a typical fire claim).

For the Mk.V ISR, the TOPLIM01 endorsement is as follows:

TOPLIM01 Precedence of Sub-Limits

In Definition 1.8, the sentence reading “If more than one Limit or Sub-Limit of Liability applies, the lesser amount shall be payable” is amended to read:

If more than one Limit or Sub-Limit of Liability applies, the greater amount shall be payable.

Respectfully, this endorsement doesn’t make sense. If a policy has a Limit of Liability and, say, a Flood Sub-Limit of Liability, would anyone seriously suggest that the lower Flood Sub-Limit of Liability should be ignored and that the policy’s Limit of Liability should apply to Flood claims? One would hope not, though stranger things have happened.

Addressing the sub-limit problem

Above, I’ve considered a Premises in the Vicinity (Prevention of Access) claim and a Flood claim. So, contingent business interruption and particular perils/circumstances/events can give rise to an overarching Sub-Limit of Liability (i.e. a Sub-Limits of Liability that acts like a Limit of Liability because it is the maximum amount payable).

Although less common, an overarching Sub-Limit of Liability could also arise if a Sub-Limit of Liability applies to a particular item of property. Obviously, however, if damage occurred to both Sub-Limited and not-Sub-Limited property, then the Sub-Limit would only apply to the Sub-Limited property.

To address the operation of Sub-Limits of Liability and Limits of Liability, I drafted a clause that sought to explain how Sub-Limits of Liability should operate, which recognised that:

Sub-Limits of Liability apply independently of each other, subject to exceptions;
those exceptions are when a Sub-Limit of Liability applies to: a peril, event or circumstance; a particular location (i.e. Premises/Situation); contingent business interruption covers; or Property Insured;
if such a Sub-Limit of Liability applies, it is the maximum amount payable by the insurer;
if more than one such Sub-Limit of Liability applies, then the lowest Sub-Limit of Liability is the maximum amount payable (consider Flood enlivening the Premises in the Vicinity (Prevention of Access) memorandum; and
if damage occurs to Property Insured and only part of that Property Insured is subject to a Sub-Limit of Liability, that Sub-Limit of Liability will only apply to that part of the Property Insured.

To demonstrate the operation of the clause, examples were included.

Are so many words needed to solve this problem? Respectfully, the number of words isn’t necessarily a problem. But ambiguity and confusion over the proper operation of Sub-Limits of Liability is a problem. Shouldn’t insurance practitioners be trying to provide clarity?

Post-script: Non-Marine Property Physical Loss or Damage Wording (LMA3182)

After initially drafting this article, I came across the LMA’s Non-Marine Property Physical Loss or Damage Wording (LMA3182). It has sought to address the operation of limits with the following:

LIMIT OF LIABILITY

The Underwriters’ maximum liability in a single Occurrence regardless of the number of Locations or coverages involved will not exceed the Policy limit of liability as specified in the Schedule. However, when a sub-limit of liability for a Location or other specified property or coverage is shown, such sub-limit will be the maximum amount payable for any loss or damage arising from direct physical loss or damage at such Location or involving such other specified property or such coverage. [emphasis added]

Each Sub-limit stated in this Policy applies as part of, and not in addition to, the overall Policy Limit of Liability for an Occurrence insured hereunder. Each Sub-limit is the maximum amount potentially recoverable from all insurance layers and program policies combined for all insured loss, damage, expense, Time Element or other insured interest arising from or relating to that aspect of the Occurrence, including but not limited to type of property, construction, geographic area, zone, location, or peril.

If insured under this Policy, any Sub-limit for Earth Movement, Flood, Windstorm or Named Storm, is the maximum amount potentially recoverable from all insurance layers combined for all insured loss, damage, expense, Time Element or other insured interest arising from or relating to such an Occurrence. [emphasis added] If Flood occurs in conjunction with a Windstorm, Named Storm or Earth Movement, the Flood Sub-limit applies within and erodes the Sub-limit for that Windstorm or Named Storm, or Earth Movement.

Here,

the first paragraph provides that sub-limits of liability for locations and property can be over-arching sub-limits (i.e. “the maximum amount payable…”); and
the third paragraph provides that sub-limits on particular events (Earth Movement, Flood, Windstorm or Named Storm) can be over-arching sub-limits (i.e. “the maximum amount potentially recoverable…”).

I commend the LMA on seeking to provide greater clarity about the operation of sub-limits. The LMA’s approach is different to that which I proposed above and, specifically, it doesn’t:

state a default position that sub-limits of liability apply independently;
address sub-limits of liability for contingent business interruption covers; or
state that the lower over-arching sub-limit will apply.

Some insurance professionals may not consider that these things need to be stated explicitly but, as above, my experience suggests otherwise and clarity is preferable.

Improving the ISR: deleting the Amount of Policy Not Reduced by Loss memorandum, and explaining Event and Aggregate Limits

February 7, 2026 by Stephen Tomlinson

Introduction

This article provides two suggestions for improving the Industrial Special Risks (ISR) policy:

deleting the Amount of Policy Not Reduced by Loss memorandum; and
relatedly, explaining “event” and “aggregate” limits.

The Amount of Policy Not Reduced by Loss memorandum

In the Mk.IV ISR policy, the “Amount of Policy Not Reduced by Loss” memorandum appears in the Memoranda Applicable to All Sections:

Amount of Policy not Reduced by Loss
The insurance under each section and/or item of this Policy and the Indemnity Period shall be automatically reinstated in the event of any loss in consideration of the payment by the Insured of a pro-rata additional premium calculated on the amount of the loss settlement at the rate(s) agreed for the Period of Insurance.

Ultimately, this memorandum doesn’t make sense in the ISR policy and should be deleted.

In the ISR policy, the Limit of Liability and Sub-Limits of Liability apply “for any one loss or series of losses arising out of any one event at any one Situation” (i.e. per event and per Situation). Subject to the exceptions (see “Event and Aggregate Limits”, below), the quoted words mean that:

If an event affects multiple locations, the Limit of Liability and Sub-Limits of Liability apply to each location (“Situation”) separately; and
For each event, the full amounts of the Limit of Liability and Sub-Limits of Liability are available. That is, the Limit of Liability and Sub-Limits of Liability are not reduced (or “eroded”) by previous events.

Given this, the “insurance under each section and/or item of this Policy and the Indemnity Period” (as those words are used in the “Amount of Policy not Reduced by Loss” memorandum) does not need to be reinstated by the payment of additional premium, because the insurance was never reduced in the first place.

In this respect, the Limit of Liability and Sub-Limits of Liability in the ISR policy are fundamentally different from the “sums insured” in other Property policies which may be eroded by loss.

Event and Aggregate Limits

So, what about those exceptions? In the ISR policy, Sub-Limits of Liability (and, potentially, Limits of Liability) may apply:

“per event” or “any one event”; and/or
“in the aggregate” or “in the annual aggregate”.

While these terms are reasonably well understood within the insurance industry, their meaning may not be clear to those outside it – and this can create confusion for insureds. At their most basic,

If a limit applies “per event” or “any one event”, then that limit is intended to apply across all insured locations combined. For example, if an insured has multiple locations that are affected by a single Flood event, and there is a Flood limit of $1,000,000 applying “per event”, then the insured would only be able to claim $1,000,000 in respect of that Flood event, regardless of the number of insured locations affected; and
If a limit applies as an “annual aggregate”, then it is intended to apply for all such events occurring during the Period of Insurance. Ambiguity may arise, however, as to whether an aggregate limit applies to a) each location individually or b) all locations combined – this is considered below (see “Clarifying aggregate limits”).

So a limit of liability which applies as an “annual aggregate” could be eroded. But it doesn’t make sense for an annual aggregate limit to be automatically reinstated for a pro-rata additional premium calculated on the loss (to paraphrase the Amount of Policy not Reduced by Loss memorandum) because:

the rationale for an “annual aggregate” limit is to limit the insurer’s exposure;
the amount of the loss settlement may not be known until well after the event which has caused the damage. This is particularly relevant if there is resultant business interruption. If the insured hasn’t made the payment, is the insurance reinstated? The wording memorandum of the memorandum suggests that the answer is “no”; and
if there’s a total loss, what would the reinstated insurance be covering? Why should the insured be required to pay a premium if there is no property to be insured?

Hopefully, the preceding discussion demonstrates that the “Amount of Policy not Reduced by Loss” memorandum serves no purpose in the ISR policy. It should be deleted.

Clarifying aggregate limits

As describe above, ambiguity may arise as to whether an aggregate limit applies to a) each location individually or b) all locations combined. It is therefore prudent for insurance brokers and insurers to define these terms. An example of such a definition is as follows:

Event and Aggregate Limits

Where the term “per event” or “any one event” is stated for any Limit of Liability or Sub-Limit of Liability, the amount of that Limit of Liability or Sub-Limit of Liability represents the Insurer’s maximum liability for any one event in respect of the Period of Insurance for all insured locations combined.

Where the term “annual aggregate” is stated for any Limit of Liability or Sub-Limit of Liability, the amount of that Limit of Liability or Sub-Limit of Liability represents the Insurer’s maximum liability:

a) for any one event; and

b) in the aggregate,

in respect of the Period of Insurance for all insured locations combined.

The second paragraph of this example may seem unnecessarily wordy. However, aggregate limits could apply to events like Flood or to contingent business interruption covers (i.e. covers that do not require damage to property used by the insured at the insured location). Furthermore, the words “in respect of the Period of Insurance” are used because an indemnity period could commence during the Period of Insurance but extend beyond it – this makes the phrase “during the Period of Insurance” problematic. There may be better ways of explaining event and aggregate limits but, for now at least, the above should suffice as an example.

The Indemnity Principle, Replacement Cost Insurance and Reasonable Despatch

February 1, 2026 by Stephen Tomlinson

In the context of Property insurance, this article considers:

the indemnity principle;
replacement cost insurance; and
the reasonable despatch requirement.

While the article focusses on the Australian Industrial Special Risk (ISR) policy, it is relevant to Property and Material Damage Business Interruption (MDBI) policies generally.

What is the indemnity principle?

The indemnity principle means that the insured is restored to their position prior to the loss. Where an insurance policy covers real property, the insured can only be restored to their pre-loss by reinstatement (i.e. repair, rebuilding or replacement) of that property.

If the insured was to be indemnified purely on an indemnity basis, the amount of the indemnity would be the cost of reinstatement less an allowance for betterment. Here, betterment is the amount by which the reinstated property (containing new and/or improved materials) is more useful or valuable than the pre-loss property. As Campbell and Stewart explain:

“A deduction for betterment is a necessary corollary of the indemnity principle: the deduction ensures that an insured is not put in a better position, post-indemnity, than he or she was in prior to the loss.”[1]

Replacement cost insurance

Contrary to the indemnity principle, under “replacement cost” insurance:

the insured is indemnified on a “new-for-old” basis;
there is no deduction for betterment; and
the parties effectively “contract out” of the indemnity principle.

The Australian Industrial Special Risk (ISR) insurance policy is an example of “replacement cost” insurance, and many Property insurance policies operate on this basis. For buildings, machinery, plant and other property and contents, the “Reinstatement or Replacement” memorandum in the Mk.IV ISR provides that “[T]he basis upon which the amount payable is to be calculated shall be the cost of reinstatement of the damaged property insured at the time of its reinstatement, subject to the following Provisions…”

Conditions applying to replacement cost insurance

In the Mk.IV ISR’s “Reinstatement or Replacement” memorandum, the following conditions (among others) apply to its replacement cost indemnity:

the reinstated property is not to be better or more extensive that the condition of the original property when it was new. This condition (and condition 4), below) seek to counter the moral hazard that arises in replacement cost insurance;
reinstatement must be commenced and carried out with reasonable despatch. This condition seeks to contain reinstatement costs which could reasonably be expected to increase if reinstatement is not effected promptly. If property were not reinstated promptly, it would increase insurance premiums for insureds generally. Beyond this, reasonable despatch provides contract certainty since, without it, the insured’s responsibilities for effecting reinstatement are unclear (i.e. when is reinstatement to occur?);
co-insurance (also known as average or underinsurance). This condition is vital to ensure that insureds accurately declare reinstatement costs and the premium can be calculated accordingly; and
no payment beyond indemnity value is payable until the cost of reinstatement has been incurred. In the ISR, the however, this condition is tempered by the “Progress Payments” condition.

These conditions are fundamental to replacement cost insurance, and the rest of this article will focus on reasonable despatch.

Reasonable despatch in the Mk.IV ISR

In the Mk.IV ISR, the reasonable despatch requirement in the “Reinstatement or Replacement” memorandum is as follows:

“The work of rebuilding, replacing, repairing or restoring as the case may be (which may be carried out upon any other site(s) and in any manner suitable to the requirements of the Insured, but subject to the liability of the Insurer(s) not being thereby increased), must be commenced and carried out with reasonable dispatch, failing which the Insurer(s) shall not be liable to make any payment greater than the indemnity value of the damaged property at the time of the happening of the damage.”

Reasonable despatch in Australia: CIC Insurance and Brescia

In Australia, the “reasonable despatch” requirement has come under scrutiny as a result of the judgments in CIC Insurance Ltd v Bankstown Football Club (1997) CLR 384 and Brescia Furniture Pty Ltd v QBE Insurance (Australia) Limited & anor [2007] NSWSC 598.

In CIC Insurance Ltd,

six months after the insured lodged its claim, the insurer declined the claim, alleging that it was a fraudulent claim, and cancelled the policy;
the insured’s financial position was such that it could not reinstate and replace property unless it was indemnified under the policy;
a majority of the High Court held that the failure of the insured to commence reinstatement with reasonable despatch meant that the insurer was only liable to pay the indemnity value of the property;
the majority held that reasonable despatch should be measured without consideration of the insurer’s wrongful declinature (at 403).
the majority indicated that the insured’s position would have been better had it accepted the insurer’s repudiation and sought damages for breach of contract. If the insured proved that rebuilding would have occurred had the insurer admitted liability, damages would be calculated on the basis of the cost of reinstatement.

Gaudron J dissented, stating that:

“It is not reasonable, in my view, to require an insured person to commence and carry out rebuilding and repairs in circumstances where the insurer is wrongfully denying liability under a policy of insurance of the kind involved in this case” (at 412).

In Brescia Furniture Pty Ltd v QBE Insurance, the facts were similar, i.e. the insurer declined the claim and the insured could not reinstate and replace property unless it was indemnified under the policy. Hammerschlag J considered that he was bound by the decision in CIC Insurance, such that Brescia was only entitled to indemnity value, and not the cost of reinstatement. Per Hammerschlag J (at 464):

“An outcome in accordance with the reasoning of Gaudron J is in my view a fair and reasonable one but I am bound to follow the majority view. But for that, I would have followed the approach of Gaudron J.”

Campbell and Stewart concur with Gaudron J and Hammerschlag J[2]:

“Where an insurer under a replacement cost policy wrongfully declines a claim, few would disagree that it is unfair of an insurer to argue that its liability under the policy should be limited because of the insured’s non-fulfilment of conditions. This would be to allow the insurer to take advantage of its own wrong.”

Furthermore, other jurisdictions support the views of Gaudron J, Hammerschlag J, and Campbell and Stewart:

In an obiter passage in City Realties (Holdings) Ltd v National Insurance Co of New Zealand Ltd (1986) 4 ANZ Insurance Cases 60-695, 74, at 140, the insurer’s wrongful declinature was regarded as relevant to reasonable despatch; and
In British Columbia, it has long been held that for so long as the insurer wrongfully declines the claim, it is not reasonable to expect the insured to rebuild. See, for example, see Omega Inn Ltd v Continental Insurance Co (1987) 37 DLR (4^th) 573, at 574.

Reasonable despatch and Unfair Contract Terms (UCT) laws

As explained, reasonable despatch is a fundamental condition for replacement cost insurance. However, the decision in CIC Insurance (in 1997) should have been a wake-up call for the insurance industry to ensure that the reasonable despatch requirement operates fairly. And the decision in Brescia Furniture (in 2007) should have been a reminder. Yet it seems that the vast majority of ISR policies were not amended in light of these decisions.

However, Unfair Contract Terms (UCT) laws came into effect in Australia on 5 April 2021, applying to standard form contracts, consumer contracts and small business contracts. As a result, many Property insurance policies (including ISR policies) have been amended to qualify the reasonable despatch requirement so that it would not apply where a delay was due to circumstances beyond the insured’s control – this would appear to include an insurer’s declinature. But not all Property insurance policies have made this transition and, for those that haven’t, reasonable despatch may be an elusive concept. I hope that this article provides some guidance.

[1] Campbell, N., and Stewart B., Prevention of Performance in Replacement Cost Insurance – Preventing a Fictional Response, Otago Law Review (2002) 5 229, at 231.

[2] Campbell, N., and Stewart B., Prevention of Performance in Replacement Cost Insurance – Preventing a Fictional Response, Otago Law Review (2002) 5 229, at 249.

LMA5410: Cyber Loss Limited Exclusion Clause (Property Treaty Reinsurance) No.1

January 31, 2026 by Stephen Tomlinson

Background to LMA5410

Published on 6^th March 2020 by the Lloyd’s Market Association (LMA), LMA5410 is a Cyber Exclusion Clause intended for use on Property treaty reinsurance.

LMA5410 Exclusions: Computer Systems and Data

Generally, the LMA5410 clause excludes loss in connection with:

“any loss of, alteration of, or damage to or a reduction in the functionality, availability or operation of a Computer System”; or
“any loss of use, reduction in functionality, repair, replacement, restoration or reproduction of any Data, including any amount pertaining to the value of such Data”.

The Computer System exclusion (i.e. 1., above) can operate as both a peril and property exclusion, i.e. it excludes loss in connection with the circumstances described, and excludes damage to a “Computer System”.

The primary intent of the Data exclusion (i.e. 2., above) appears to be to act as a property exclusion on Data, i.e. exclude damage to Data. Nonetheless, it could also act as a peril exclusion by excluding other losses in connection with the circumstances described. Unlike LMA5400 endorsement, the Data exclusion in LMA5410 is absolute in that is has no exceptions.

Exception to the Computer System Exclusion

The Computer System exclusion has an exception whereby cover is provided for:

“physical damage to property insured under the original policies and any Time Element Loss directly resulting therefrom where such physical damage is directly occasioned by any of the following perils:

fire, lightning, explosion, aircraft or vehicle impact, falling objects, windstorm, hail, tornado, cyclone, hurricane, earthquake, volcano, tsunami, flood, freeze or weight of snow.”

Interpretation of the words “directly occasioned by” could depend on the circumstances, but may require a listed peril to be a proximate cause of the damage for the exception to apply. However, a listed peril could be the proximate cause of the physical damage regardless of whether it occurred before OR after the circumstances described in the Computer System exclusion (i.e. “loss of, alteration of, or damage to or a reduction in the functionality, availability or operation of a Computer System”). Though it is difficult to see how the circumstances described in the Computer System exclusion could cause natural perils like windstorm, tornado, cyclone, hurricane, earthquake, volcano, tsunami, flood, freeze or weight of snow.

Operation of the exception when the Data exclusion also applies?

The exception to the Computer System exclusion, however, may not operate if the circumstances causing the loss also enliven the Data exclusion, which does not have an exception. While the internet may not need further explanation of the Wayne Tank judgment (perhaps see Spark Helmore’s “Storms, floods and exclusions: a refresher on the application of Wayne Tank principles”), it could be summarised as follows: if a loss arises from two perils – one of which is excluded and the other is not – and it is not possible to apportion the loss between the perils, then the exclusion prevails and the insured will not be indemnified. Predicting how a court may view the Computer System exception when the Data exclusion is enlivened may be a fool’s errand.

What about malicious cyber events?

An unusual aspect of LMA5410 is that is does not distinguish between malicious and non-malicious cyber events (c.f. with the absolute exclusions on “Cyber Acts” in LMA5400 and LMA5401, i.e. “an authorised malicious or criminal act or series of related unauthorised, malicious or criminal acts, regardless of time and place, or the threat or hoax thereof involving access to, processing of, use of or operation of any Computer System”). This invites the following questions:

do reinsurers really have an appetite to cover malicious cyber acts under Property reinsurance treaties?
Are malicious cyber activities considered an insurable risk? Should they be?

Given the nature of malicious cyber activities (including nation-state involvement or support), there is potential overlap with a policy’s “War” and “Terrorism” exclusions. But since 2019, the UK’s Prudential Regulation Authority (PRA) and Lloyd’s have been aligned in seeking to eliminate “silent cyber” coverage and clarifying policy positions. But when it comes to malicious cyber events (or “Cyber Acts” to use the terms of LMA5400 and LMA5410), it seems strange that LMA5410 is silent.

LMA5595 and LMA5596 PFAS Exclusions for Liability policies

June 16, 2023 by Stephen Tomlinson

LMA PFAS Exclusions

Lloyd’s Market Association Bulletin LMA22-024-CM was issued in August 2022 and included two PFAS exclusions – LMA5595 and LMA5596 – for liability insurance and liability reinsurance policies. This article considers the background to these PFAS exclusions before analysing the exclusions themselves.

Background to PFAS Exclusions

PFASs Definition

According to the OECD, PFASs are fluorinated substances that contain at least one fully fluorinated methyl or methylene carbon atom (without any H/Cl/Br/I atom attached to it), i.e. with a few noted exceptions, any chemical with at least a perfluorinated methyl group (–CF₃) or a perfluorinated methylene group (–CF₂–) is a PFAS. PFASs include perfluorosulfonic acids, such as perfluorooctanesulfonic acid (PFOS), and perfluorocarboxylic acids like perfluorooctanoic acid (PFOA).

PFAS Use

PFASs are surfactants, i.e. reduce the surface tension between a liquid and another liquid or solid, making them effective in resisting fire and repelling water, oil, and grease. PFASs are found in materials such as firefighting foam, nonstick cooking pots and pans, paints, coatings for cables and wires, lubricants, food packaging, and textiles. Furthermore, PFASs are water soluble and appear to move through soil. PFASs are commonly described as persistent organic pollutants or “forever chemicals” because they remain in the environment for long periods of time.

PFAS Health Effects

Increasing PFAS litigation – see below – has been driven by growing evidence that PFASs are harmful to the environment and health. A 2022 National Academies of Sciences, Engineering, and Medicine report noted that:

PFAS exposure was linked to increased risk of dyslipidemia (abnormally high cholesterol), sub-optimal antibody response, reduced infant and foetal growth, and higher rates of kidney cancer; and
drinking water is contaminated with PFASs in thousands of communities across the United States.

Increasing PFAS Litigation

The LMA5595 and LMA5596 PFAS exclusions are a response to increasing private tort lawsuits and government enforcement of environmental laws and regulations. In the USA, for example, more than 6,400 PFAS-related lawsuits have been filed in its federal court since 2005; of these, more than 1,000 were filed in 2021 concerning firefighting foam. Initially, the defendants in such litigation tended to be primary producers of PFAS such as chemical companies and manufacturers of fire-suppressant foams. More recent litigation, however, recent litigation has targeted secondary manufacturers, textile manufacturers, cosmetics manufacturers, fashion and fast food companies.

There has been speculation that this increasing litigation could expose insurers to unanticipated claims, akin to asbestos claims (see, for example, ‘PFAS: The Next Asbestos‘?). Two examples of significant PFAS litigation are described below.

DuPont class action and settlement (West Virigina)

In February 2017, DuPont and its spin-off Chemours paid USD $671 million to settle lawsuits for 3,550 personal injury claims related to PFOA release from their Parkersburg plant into the drinking water. The settlement came after a court-created independent scientific panel, the C8 Science Panel, found a ‘probable link‘ between PFOA (also known as C-8) exposure and six illnesses: kidney and testicular cancer, ulcerative colitis, thyroid disease, pregnancy-induced hypertension and high cholesterol.

3M settlement with Minnesota

In February 2018, 3M settled a lawsuit brought by the state of Minnesota for USD $850 million; Minnesota had sought judgment for USD $5 billion. The lawsuit alleged that:

3M dumped chemicals at sites near Minneapolis for more than 40 years, enabling them to get into wildlife and drinking water; and
3M knew the chemicals were harmful but concealed the effects from regulators and distorted science on them.

Analysis of the LMA5595 and LMA5956 PFAS Exclusions

Are LMA5595 and LMA5596 necessary?

As noted above, LMA5595 and LMA5596 PFAS exclusions have been developed for liability insurance and liability reinsurance policies. Whether the LMA5595 or LMA5596 are necessary will depend upon the pollution exclusion in the policy. If applied in reinsurance contracts, however, then insurers may then apply them to policies they issue to avoid reinsurance gaps.

For Liability policies written on an occurrence basis, the LMA5595 and LMA5596 PFAS exclusions would only serve to exclude liability in future policies. For past occurrences, the Liability policies in force at that time will have to respond to the claim, subject to the pollution exclusions.

In the USA, it is understood that most insurers inserted ‘absolute’ or ‘total’ pollution exclusions after 1985. According to Pillsbury, however, ‘[i]n nearly half the states, policies containing this form of pollution exclusion have been held to be ambiguous and to provide coverage for pollution that was not expected or intended.’

LMA5595 and LMA5596: broad exclusions on PFAS liability

Broadly, paragraph 1 of the LMA5595 and LMA5596 endorsements exclude claims in connection with any PFAS – please refer to the endorsements for the exact wording. The LMA5595 and LMA5596 also contain anti-concurrent terms (see ‘regardless of any other cause contributing concurrently or in any sequence’). Paragraph 2 then acts as a clarification that the exclusion applies to costs to clean-up, monitor or assess the effect of any PFAS.

Difference: LMA5596 reverses the burden of proof

The difference between LMA5595 and LMA5596 is that LMA5596 has an additional paragraph which reverses the onus of proof (‘If UNDERWRITERS allege that this Exclusion applies to any claim under this POLICY the burden of proving the contrary shall be upon the INSURED’). Here, it may be appropriate to consider:

what would be required for the ‘underwriters’ to allege that the exclusion applies?
if there is more than one insurer for the policy, how would this clause operate?
what justifies reversing the onus of proof? Parties to an insurance contract may specify who bears the onus of proving a particular fact, even if this involves reversing the onus of proof: see Levy v Assicurazione Generali [1940] AC 791. However, reversing the onus of proof is contrary to the interests of insureds and conflicts with the traditional position whereby the insurer must prove that an exclusion applies. Given the resources and expertise of insurance companies, it is difficult to see how reversing the burden of proof could lead to more equitable outcomes.

LMA5595 and LMA5596 definition of ‘PFAS’

In their final paragraphs, LMA5595 and LMA5596 define ‘PFAS’ as ‘any organic molecule, salt, free radical or ion, the composition of which includes at least one:

a. perfluorinated methyl group (-CF₃); or

b. perfluorinated methylene group (-CF₂-).’

This definition differs from that use by the OECD (see ‘PFASs Definition‘, above) due to its use of ‘organic molecule, salt, free radical or ion’. While the difference may not be material, the source of the LMA definition is not known (to this author) and it is unclear why the LMA would not use the more common OECD definition.

LMA5468A, LMA5469A and LMA5470A: Amended Cyber and Data endorsements for Liability policies

June 13, 2023 by Stephen Tomlinson

Background

While LMA5469A was issued in October 2022, LMA5468A and LMA5470A were issued on 15 March 2023 (beware the Ides of March!). Since LMA5468A, LMA5469A and LMA5470A are similar to their LMA5468, LMA5469 and LMA5470 predecessors, I recommend reading the analysis of those endorsements separately since I have chosen not to reproduce it here.

In LMA Bulletin LMA22-034-SD, the LMA stated that the changes to LMA5469 made for LMA5469A were ‘to clarify that the limited write-back of cover to the exclusion is subject to all the terms, conditions and exclusions of the policy (and any attached endorsements)’. This statement, however, does not tell the full story since the changes amount to more than a ‘clarification’.

Changing how LMA5468A, LMA5469A and LMA5470A operate

For each of LMA5468A, LMA5469A and LMA5470A, the primacy clauses of their predecessors have been deleted:

‘This endorsement supersedes any other wording in the Policy or any endorsement thereto having a bearing on a Cyber Act, Cyber Incident or Data, and, if in conflict with such wording, replaces it’.

This change should be considered in conjunction with the change to the preamble for the exceptions in paragraph 2:

‘Subject to all the terms, conditions and exclusions contained in this Policy or any endorsement thereto…’

Taken together, these changes are significant because they mean that other exclusions in the policy or attached to the policy – including those relating to cyber or data risks – could operate alongside those of LMA5468A, LMA5469A or LMA5470A. And if any exclusion in the policy applies to an insured’s claim, the claim is excluded. As such, these changes increase the likelihood that an insured’s claim will be excluded.

Rather than ‘clarifying’ how the LMA5468A, LMA5469A or LMA5470A apply, it would be more accurate to say that the exceptions to the exclusions in the amended versions operate differently because they are also subject to the underlying policy’s other exclusions.

Other changes

Other changes introduced in LMA5468A, LMA5469A or LMA5470A are as follows:

For LMA5469A and LMA5470A, the exceptions to the exclusions now appear in paragraph 2 (i.e. immediately after the exclusions of paragraph 1); and,
The definition paragraphs are not numbered. As a result, the definition of ‘Cyber Incident’ has sub-clauses (a) and (b), which is inconsistent with the other sub-clauses of the wording which are numbered 1.1, 1.2, 2.1 and 2.2.

Summary of LMA5468A, LMA5469A and LMA5470A

Exclusion	LMA5468A	LMA5469A	LMA5470A
Cyber Act: loss or damage in connection with unauthorised, malicious or criminal act involving access to or use of an electronic device	Excluded	Excluded	Excluded
Cyber Incident #1: loss or damage in connection with error or omission involving access to or use of an electronic device	Excluded	Excluded	Excluded
Cyber Incident #2: loss or damage in connection with the unavailability or failure to access or use an electronic device	Excluded	Excluded	Excluded
Any action taken in controlling, preventing, suppressing or remediating any Cyber Act or Cyber Incident	Excluded	Excluded	Excluded
Loss of use or reduction in functionality of Data	Excluded	Excluded	Excluded
Repair, replacement, restoration, reproduction of Data	Excluded	Excluded	Excluded
Loss or theft of Data	Excluded	Excluded	Excluded
Value of Data	Excluded	Excluded	Excluded
Exceptions
If arising out of a Cyber Incident, exceptions for: 1) third party bodily injury; and 2) physical damage to or destruction of third party property.	No such exception	Excepted	Excepted
If arising out of a Cyber Act, exceptions for: 1) third party bodily injury; and 2) physical damage to or destruction of third party property.	No such exception	No such exception	Excepted

LMA5468, LMA5469 and LMA5470: Cyber and Data endorsements for Liability policies

June 13, 2023 by Stephen Tomlinson

Background

LMA5468, LMA5469 and LMA5470 are Cyber and Data Exclusion Endorsements for Liability policies that were released by the LMA in November 2020.

At their broadest, LMA5468, LMA5469 and LMA5470 all exclude liability ‘in connection with’:

any Cyber Act;
any Cyber Incident;
any action taken in controlling, preventing, suppressing or remediating any Cyber Act or Cyber Incident;
any loss of use or reduction in functionality of any Data;
any repair, replacement, restoration, reproduction of any Data;
any loss or theft of any Data; or
any amount pertaining to the value of such Data.

Where the exclusions differ, however, is in their exceptions: LMA5468 has none, LMA5469 has an exception for Cyber Incidents, and LMA5470 has exceptions for both Cyber Incidents and Cyber Acts.

Exclusion	LMA5468	LMA5469	LMA5470
Cyber Act: loss or damage in connection with unauthorised, malicious or criminal act involving access to or use of an electronic device	Excluded	Excluded	Excluded
Cyber Incident #1: loss or damage in connection with error or omission involving access to or use of an electronic device	Excluded	Excluded	Excluded
Cyber Incident #2: loss or damage in connection with the unavailability or failure to access or use an electronic device	Excluded	Excluded	Excluded
Any action taken in controlling, preventing, suppressing or remediating any Cyber Act or Cyber Incident	Excluded	Excluded	Excluded
Loss of use or reduction in functionality of Data	Excluded	Excluded	Excluded
Repair, replacement, restoration, reproduction of Data	Excluded	Excluded	Excluded
Loss or theft of Data	Excluded	Excluded	Excluded
Value of Data	Excluded	Excluded	Excluded
Exceptions
If arising out of a Cyber Incident, exceptions for: 1) third party bodily injury; and 2) physical damage to or destruction of third party property.	No such exception	Excepted	Excepted
If arising out of a Cyber Act, exceptions for: 1) third party bodily injury; and 2) physical damage to or destruction of third party property.	No such exception	No such exception	Excepted

Overview of the definitions

As noted elsewhere on insurance-endorsements.com, the definitions of Cyber Act, Cyber Incident, Computer System and Data are problematic. For example,

Cyber Act means ‘an unauthorised, malicious or criminal act or series of related unauthorised, malicious or criminal acts, regardless of time and place, or the threat or hoax thereof involving access to, processing of, use of or operation of any Computer System.’ In this definition, it is unclear how ‘unauthorised’ should be interpreted. Is it from the perspective of the insured? If an act has not been authorised, does that mean it is unauthorised? If an employee unintentionally exceeds their authority, is that unauthorised? If an authorised employee commits an act that violates a policy, does that make it unauthorised? These questions could have been avoided if the LMA had sought to define a ‘Cyber Act’ in terms of actual cyber threats rather than generalities.
Cyber Incident has two limbs:
1. an error or omission involving access, processing, use or operation of a Computer System. For this limb, it appears that the errors or omissions could be by the insured or a third party. But it is appropriate to consider: where is the cyber risk here? Separately, the second limb of ‘Cyber Incident’ is concerned with the outcome rather than the cause – this makes the Cyber Incident exclusion very broad and means that it could exclude liability in the absence of an actual cyber risk; and
2. any unavailability (whether partial or total) or failure to access, process, use or operate (whether partial or total) any Computer System.
The definition of Computer System includes ‘any electronic device’. While the concept of a computer system has undoubtedly changed over time, not every electronic device is a computer system. In this respect, the LMA’s definition of Computer System over-reaches;
Data means information, facts, concepts, code or any other information of any kind that is recorded or transmitted in a form to be used, accessed, processed, transmitted or stored by a Computer System [emphasis added]. Since physical documents could be scanned, photocopied or faxed, such documents could be ‘Data’. It would be more appropriate if Data were re-defined such that it was limited to electronic data (perhaps even using ‘electronic data’ without definition) and did not extend to physical documents.

Re-thinking the Data exclusions

Paragraph 1.2 of LMA5468, LMA5469 and LMA5470 contains the ‘Data’ exclusions, excluding liability in connection with any:

1.2 loss of use, reduction in functionality, repair, replacement, restoration, reproduction, loss or theft of any Data, including any amount pertaining to the value of such Data;

Paragraph 1.2 is problematic because it puts separate exclusions into a single clause and seems to confuse what could be termed ‘circumstance’ and ‘property’ exclusions. Consider if paragraph 1 of LMA5468, LMA5469 and LMA5470 were amended to the following:

1. Notwithstanding any provision to the contrary within this Policy or any endorsement thereto –

1.1 this Policy does not apply to any loss, damage, liability, claim, fines, penalties, cost or expense of whatsoever nature directly or indirectly caused by, contributed to by, resulting from, arising out of or in connection with:

1.1.1 any Cyber Act or Cyber Incident; or

1.1.2 any action taken in controlling, preventing, suppressing or remediating any Cyber Act or Cyber Incident; or

1.1.3 any loss of use or reduction in functionality of Data,

regardless of any other cause or event contributing concurrently or in any other sequence thereto unless subject to the provisions of paragraph 5 [note: subjectivity only appropriate for LMA5469 and LMA5470];

1.2 this Policy excludes any loss, damage, liability, claim, fines, penalties, cost or expense of whatsoever nature for any:

1.2.1 repair, replacement or restoration of Data; [note: deleted ‘reproduction’]

1.2.2 loss or theft of Data; or

1.2.3 amount pertaining to the value of Data.

The exclusions in paragraphs 1.2.1, 1.2.2 and 1.2.3, above, are concerned with Data as property and not circumstances within a broader chain of causation. Note, also, that the word ‘reproduction’ has been intentionally omitted from sub-clause 1.2.1 – the term ‘reproduction’ is problematic because it could apply to a third party that is distributing the Data and this is inconsistent with the other terms in that sub-clause.

The exceptions of LMA5469 and LMA5470

While LMA5468 does not have any exceptions to its exclusions, LMA5469 and LMA5470 do. Specifically,

LMA5469 has exceptions for ‘ensuing third party bodily injury’ or ‘ensuing physical damage to or destruction of third party property’ arising from a Cyber Incident; while,
LMA5470 has exceptions for ‘ensuing third party bodily injury’ or ‘ensuing physical damage to or destruction of third party property’ arising from a Cyber Incident or Cyber Act.

However, these exceptions may not be effective if the Data exclusions in paragraph 1.2 were enlivened. This is why the ‘Data’ exclusions should be amended, potentially as proposed above.

In determining the scope of the LMA5469 and LMA5470 exceptions, it is important to consider the cover provided by the underlying policy. In Australia, many General Liability (GL) or Public and Product Liability (PPL) policies indemnify the insured for its liability to pay compensation for:

‘injury’, which may include bodily injury, mental injury, invasion of privacy, defamation and discrimination; and
‘property damage’, which may include both a) damage to tangible property (including loss of use therefrom) and b) loss of use of tangible property which arises out of damage to other tangible property.

In comparing the exceptions in LMA5469 and LMA5470 with these definitions, it is apparent that:

‘bodily injury’ in the exceptions of LMA5469 and LMA5470 is narrower than ‘injury’ in many General Liability policies, such that mental injury, invasion of privacy, defamation and discrimination remain excluded; and
‘damage to or destruction of tangible third party property’ in the exceptions of LMA5469 and LMA5470 is narrower than ‘property damage’ in many General Liability policies since there is no allowance for ‘loss of use’ of property.

Other features of LMA5468, LMA5469 and LMA5470

Other features of LMA5468, LMA5469 and LMA5470 are as follows –

Paragraph 2: a ‘reading down’ clause whereby, if any portion is invalid or unenforceable, the remainder shall apply in full force and effect (or, in the words of the endorsement, ‘the remainder shall remain…’);
Paragraph 3: a ‘primacy clause’ whereby the endorsement supersedes or replaces any other clauses in the policy regarding Cyber Acts, Cyber Incidents or Data. Note, however, that this clause is deleted from LMA5468A, LMA5469A and LMA5470A;
Paragraph 4: reverses the onus of proof such that, if the insurer alleges that the endorsement excludes ‘loss sustained by the Insured’, then the insured has the burden of proving otherwise. Here, it is appropriate to consider:
1. what would be required for an insurer to ‘allege’ that the exclusion applies? The endorsement is silent on this; and
2. what justifies reversing the onus of proof? Parties to an insurance contract may specify who bears the onus of proving a particular fact, even if this involves reversing the onus of proof: see Levy v Assicurazione Generali [1940] AC 791. However, reversing the onus of proof is contrary to the interests of insureds and conflicts with the traditional position whereby the insurer must prove that an exclusion applies. Given the resources and expertise of insurance companies, it is difficult to see how reversing the burden of proof could lead to more equitable outcomes.

Separately, it is unusual that paragraph 4 only uses the term ‘loss’ when paragraph 1 uses the terms ‘loss’, ‘damage’, ‘liability’, ‘claim’, ‘fines’, ‘penalties’, ‘cost’ and ‘expense’. While the intention of the clause is almost certainly to exclude all of these, the endorsement itself is not so explicit.

Please note that LMA5468, LMA5469 and LMA5470 have since been replaced by LMA5468A, LMA5469A and LMA5470A. The analysis in this article, however, is relevant to those updated endorsements.

LMA5400 and LMA5401: Cyber and Data endorsements

August 8, 2020 by Stephen Tomlinson

Analysis of LMA5400 and LMA5401

Background

Published on 13 November 2019 by Lloyd’s Market Association (LMA), LMA5400 and LMA5401 are intended for use on property insurance policies arranged either on a direct or facultative reinsurance basis.

It is difficult to concisely summarise the effects of LMA5400 and LMA5401 because they contain six far-reaching exclusions which utilise broad definitions (a ‘Computer System’, for example is ‘any… electronic device’). LMA5400 has a very limited exception to some of its exclusions, though this may not be effective because of the operation of LMA5400’s other exclusions. Rather than excluding cyber risks such as computer viruses, denial-of-service (DOS) attacks or hacking, LMA5400 and LMA5401 are based on the possible results of such risks rather than the causes, and only require ‘connections’ rather than causation for the exclusions to operate. As a result, LMA5400 and LMA5401 may exclude damage and losses that are not caused by cyber risks, and it is unclear whether insurers understand the uncertainty that this creates for themselves and insureds.

Exclusions	LMA5400	LMA5401
Cyber Act: loss or damage in connection with unauthorised, malicious or criminal act involving access to or use of an electronic device	Excluded	Excluded
Cyber Incident #1: loss or damage in connection with error or omission involving access to or use of an electronic device	Excluded	Excluded
Cyber Incident #2: loss or damage in connection with the unavailability or failure to access or use an electronic device	Excluded	Excluded
Loss or damage in connection with loss of use or reduction in functionality of Data	Excluded	Excluded
Replacement or restoration of Data	Excluded	Excluded
Value of Data	Excluded	Excluded
Exceptions and scenarios
Exception for property damage caused by fire or explosion which results from Cyber Incident	Yes, but Cyber Act or Data exclusions may prevail	Excluded
Exception for business interruption caused by fire or explosion which results from Cyber Incident	Excluded	Excluded
Exception for property damage or business interruption if insured peril causes unavailability or failure to use an electronic device	Excluded	Excluded
Basis of Valuation
Basis of Valuation for Data Processing Media	Cost to repair or replace the media, plus costs of copying Data from back-ups or originals	None

The Exclusions: LMA5400 and LMA5401

LMA5400 and LMA5401 contain four separate exclusions on damage and loss in connection with:

any unauthorised, criminal or malicious act involving a Computer System (a ‘Cyber Act’), whether the Computer System is the Insured’s or a third party’s;
an error or omission involving access to, processing of, use of or operation of any Computer System (a ‘Cyber Incident’);
partial or total unavailability or failure to access or use any Computer System (also a ‘Cyber Incident’); and,
the loss of use or reduction in functionality of Data.

Beyond this, LMA5400 and LM5401 also exclude:

the replacement or restoration of Data; and,
the value of Data.

Initial observations: LMA5400 and LMA5401 are far broader than ‘cyber’ endorsements

Although considered further below, LMA5400 and LMA5401 define ‘Computer System’ as ‘any… electronic device… owned or operated by the Insured or any other party’ (see ‘Definition: Computer System’). From this, it is apparent that:

a) Exclusion 1), above, excludes damage and loss in connection with criminal acts – such as criminal damage, theft or vandalism – involving an electronic device;

b) Exclusion 1), above, may exclude damage and loss in connection with a person using an electronic device in an unauthorised manner (i.e. in breach of instructions). Exclusion 2), above, is also relevant in this scenario since it excludes property damage or loss in connection with an error or omission in using an electronic device;

c) Exclusion 1), above, may exclude damage and loss in connection with a person that has not been authorised to use an electronic device doing so, notwithstanding that they may have used the device in an authorised manner;

d) Exclusion 3), above, excludes damage and loss in connection the unavailability of an electronic device. Clause 2 of LMA5400 provides a partial exception to this exclusion (see ‘Perils exception’, below), but this only applies where the unavailability results in a fire or explosion. If there is an insured peril which causes damage to an electronic device, that damage may be excluded by LMA5400 and LMA5401, as may subsequent damage and business interruption;

e) Because the unavailability of a computer system will often involve a loss of use of Data, there is overlap between Exclusions 3) and 4), above. Even if the partial exception for Exclusion 3) and Cyber Incidents applies, effect would be given to the exclusion (see ‘A Cyber Incident and another exclusion applies? Exclusion prevails’); and,

f) Similar to Exclusion 3), Exclusion 4) excludes damage and loss from the loss of use of Data. If there is an insured peril which causes damage to a device containing Data, that damage will be excluded by LMA5400 and LMA5401, as will subsequent damage and business interruption.

These initial observations are not intended to be an exhaustive analysis, but demonstrate how LMA5400 and LMA5401 are far broader than the ‘Cyber’ endorsements which they purport to be.

Attribution language: causation not required for exclusions to apply

Sub-clause 1.2 includes the following attribution language: directly or indirectly caused by, contributed to by, resulting from, arising out of or in connection with. Of these, ‘in connection with’ (as used in the list of exclusions above) is the broadest and most significant because it may not require the excluded circumstance to be a proximate or remote cause of the damage/loss for the exclusion to apply. As per the anti-concurrent causation language (‘regardless of any other cause or event contributing concurrently or in any other sequence thereto’), the exclusions in LMA5400 and LMA5401 can apply even if there are other proximate or remote causes of damage/loss.

LMA5400 Perils exception

Despite the exclusions of clause 1, clause 2 of LMA5400 contains an exception where:

1) a Cyber Incident

results in

2) a fire or explosion

that causes

3) physical loss or damage to property insured.

However, this exception will not apply where the Cyber Incident has a connection with a Cyber Act. Furthermore, while the exclusions exclude ‘loss’ generally, the exception in clause 2 is only for ‘physical loss or physical damage to property insured’ such that business interruption losses remain excluded by clause 1. This appears to be an unfair result for insureds – where the intention of the underlying policy is to pay business interruption loss that results from covered damage to property – since this intention is overridden by the endorsement.

LMA5401 does not contain an equivalent exception to clause 2 in LMA5400.

What if the peril comes first? Exclusion prevails

While clause 2 of LMA5400 provides cover where a Cyber Incident results in a fire or explosion that causes physical loss or damage to property insured, what happens if:

1) a fire or explosion

results in

2) a Cyber Incident, i.e.

a) an error or omission involving access or use of a Computer System, or

b) unavailability (partial or total) or failure to access or use a Computer System,

which causes

c) damage to property and business interruption?

In this case, the property damage and business interruption will be excluded. Again, this outcome may justifiably be considered unfair for the insured where the proximate cause of damage and business interruption is an insured peril. Nonetheless, the words ‘regardless of any other cause or event contributing concurrently or in any other sequence to the thereto’ in clauses are clearly intended to have this effect.

This unfairness may be exacerbated by the realisation that Computer System is defined to include ‘any… electronic device’ (see ‘Definition: Computer System’).

A Cyber Incident and another exclusion applies? Exclusion prevails

Consider a scenario in which:

1) a computer virus infects the insured’s computer systems

causing

2) those Computer Systems to be unavailable (a ‘Cyber Incident’ for which the exception would apply); and

3) Data on those Computer Systems to be deleted or corrupted (as per the exclusion in sub-clause 1.2),

resulting in

4) a fire or explosion

that causes

5) physical loss or damage to property insured.

In this scenario, it can be appreciated that there are two circumstances connected with the loss:

1) the Cyber Incident for which there is cover under clause 2; and,

2) the deletion or corruption of Data, which is excluded under clause 1.2.

As such, the common law principle as articulated in Wayne Tank and Pump Co Ltd v Employers’ Liability Assurance Corpn Ltd [1974] QB 57 (CA) may apply such that effect would be given to the exclusion. Per Cairns LJ in Wayne Tank:

if one cause is within the words of the policy and the other comes with an exception [i.e. exclusion] in the policy, it must be taken that the loss cannot be recovered under the policy. The effect of an exception is to save the insurer from liability for a loss which but for the exception would be covered.

While an outcome that is consistent with a common law principle may be hard to argue against, it should be noted that some policies – such as the Mk.V Modified Industrial Special Risks (ISR) policy – do provide cover where there is a non-excluded proximate cause of damage, notwithstanding that an excluded cause of damage may have preceded or followed it. From the Mark V Modified ISR:

Provided that the Insurer will indemnify the Insured for any Damage to Property Insured caused directly by any circumstances not excluded under Section 1 of this Policy, notwithstanding that these circumstances may in turn have been caused by any of the circumstances referred to in Exclusions 6.2.1 to 6.2.17.

Ultimately, this example of a computer virus should serve to demonstrate just how limited the perils exception in clause 2 of LMA5400 is.

Separately, it may be recalled that NMA2914 and NMA2915 have exceptions for property damage if:

1) loss of or damage to Electronic Data

causes

2) a Fire or Explosion.

LMA5400, however, has no such exception.

Basis of Valuation

LMA5400 provides a basis of valuation (or basis of settlement) for Data Processing Media, which is defined as property on which Data can be stored. Specifically, the basis of settlement for Data Processing Media is:

1) the cost to repair or replace the Data Processing Media; and

2) costs of copying Data from back-ups or from originals.

Like NMA2915 and NMA2914A, LMA5400 excludes costs of research and engineering, and costs to recreate, gather or assemble such Data. As per NMA2914, NMA 2915 and NMA2914A, LMA5400 states that if the media is not repaired, replaced or restored, then the basis of valuation is the cost of blank Data Processing media.

Similar to NMA2914, NMA 2915 and NMA2914A with respect to Electronic Data, LMA5400 states that the policy does not insure the value of Data. While this proposition is readily understandable for Electronic Data, on the basis that intangible assets and intellectual property are not typically covered by property policies, it is problematic for LMA5400 because its definition of ‘Data’ could include physical documents (see ‘Definition: Data’, below).

LMA5401 does not contain a basis of valuation.

Definitions

Definition: Computer System

In LMA5400 and LMA5401, the definition of ‘Computer System’ includes ‘any… electronic device’. It is noted that the ‘electronic device’ does not have to be associated with an actual computer. While the term ‘electronic device’ may lack a precise definition, the term could be applied to electrically powered devices and electronically-controlled devices.

To be clear, the broad definition of ‘Computer System’ in LMA5400 and LMA5401 makes the exclusion far broader than may have been intended. Specifically, Exclusion 3, above, has the effect that LMA5400 and LMA5401 will exclude loss or damage in connection with the unavailability or failure to access/use an electronic device.

It is noted that the definition of ‘Data’ (considered below) includes ‘code’, while the definition of ‘Computer System’ includes ‘software’ which consists of code. Under LMA5400 and LMA5401, the definition of ‘Computer System’ could also include ‘Data’. Consideration of the incongruities of these overlapping definitions, however, is beyond the scope of this analysis.

Definition: Data

The definition of ‘Data’ in LMA5400 and LMA5401 is unusual in that it is defined as ‘information of any kind that is recorded… in a form to be used, accessed, processed, transmitted or stored by a Computer System’. Given the ability of computers to scan and interpret physical documents, the definition of ‘Data’ in LMA5400 and LMA5401 could include physical documents. This may appear to be a perverse outcome, but the definition is not explicitly limited to ‘Electronic Data’ as that term is commonly defined in property policies (and was used in NMA2914, NMA2915 and NMA2914A).

As such, LMA5400 and LMA5401 could exclude damage to physical documents, manuscripts, deeds, specifications, plans, drawings, designs, books and other records.

Definition: Cyber Act

For LMA5400 and LMA5401, Cyber Act means “an unauthorised, malicious or criminal act or series of related unauthorised, malicious or criminal acts, regardless of time and place, or the threat or hoax thereof involving access to, processing of, use of or operation of any Computer System.”

The term ‘unauthorised act’ could be applied to:

1) an otherwise authorised person carrying out an act:

a) for which they have not been authorised (perhaps the act is outside the scope of their duties); or

b) that is contrary to instructions or guidelines (perhaps issued by an employer or manufacturer of a device);

2) an unauthorised person carrying out an act.

There may be emergency scenarios which compel persons to perform acts – involving electronic devices – for which they are not authorised in order to avoid or minimise the risk of injury or property damage. LMA5400 and LMA5401 do not appear to have considered such scenarios.

As noted above, the term ‘malicious or criminal act’ is also problematic because it could be applied to criminal damage, theft or vandalism involving an electronic device. Such acts should not be the subject of a cyber exclusion.

Definition: Cyber Incident

For LMA5400 and LMA5401, ‘Cyber Incident’ means

any error or omission or series of related errors or omissions involving access to, processing of, use of or operation of any Computer System; or
any partial or total unavailability or failure or series of related partial or total unavailability or failures to access, process, use or operate any Computer System.

The definition of ‘Cyber Incident’ demonstrates why LMA5400 and LMA5401 can have such broad application: they contemplate the results of cyber risks rather than cyber risks themselves. In its second limb, a ‘Cyber Incident’ is the unavailability or failure to use an electronic device. It should be apparent that there are many insured, non-cyber perils that could cause this, yet LMA5400 and LMA5401 make no such distinctions.

NMA2914, NMA2914A, NMA2915 and NMA2915A

August 8, 2020 by Stephen Tomlinson

Analysis of NMA2914, NMA2915, NMA2914A and NMA2915A

About

NMA2914, NMA2915, NMA2914A and NMA2915A are Electronic Data Endorsements that have been widely applied to Property policies. Since these endorsements can significantly reduce cover, it is important that their effects are understood. While NMA2914 and NMA2915 were published by the Non-Marine Association (NMA) on 25/01/01, NMA2914A and NMA2915A were released on 11/3/2015.

While NMA2914, NMA2915, NMA2914A and NMA2915A have been used by insurers (and reinsurers) to avoid exposure to cyber risks, these endorsements only address cyber risk indirectly by including ‘Computer Virus’ as a possible cause of loss of, or damage to, Electronic Data. Instead, these endorsements exclude damage and loss that results from damage to or loss of Electronic Data.

Summary: reductions in cover

1) NMA2914, NMA2915, NMA2914A and NMA2915A exclude loss of or damage to Electronic Data. However, NMA 2914 and NMA 2915, do provide cover for property damage if loss of, or damage to, Electronic Data causes a Fire or Explosion; NMA2914A and NMA2915A do not.

2) NMA2914, NMA2915, NMA2914A and NMA2915A all exclude business interruption loss that results from loss of or Damage to Electronic Data.

3) If a) an insured peril causes loss of or damage to Electronic Data, and b) that loss of or damage to Electronic Data results in subsequent property damage and business interruption, then such subsequent losses are excluded. This outcome demonstrates why insureds should resist the application of NMA2914, NMA2915, NMA2914A and NMA2915A.

For further analysis, please continue reading.

	NMA2914	NMA2915	NMA2914A	NMA2915A
Loss of, or damage to, Electronic Data	Excluded	Excluded	Excluded	Excluded
Cover for property damage caused by fire or explosion if such perils result from loss of, or damage to, Electronic Data	Yes	Yes	No	No
Cover for business interruption if loss of or damage to, Electronic Data causes fire or explosion	No	No	No	No
Cover if an insured peril causes loss of or damage to Electronic Data and subsequent property damage and business interruption	No	No	No	No
Basis of valuation: media	Cost to repair, replace or restore such media	Cost to repair, replace or restore such media. If no sub-limit: Cost of blank media	Cost of blank media	Cost of blank media
Basis of valuation: Electronic Data	Cost to reproduce any electronic data	Cost to reproduce any electronic data. If no sub-limit: cost of copying electronic data from back-ups or originals	Cost of copying electronic data from back-ups or originals	Cost of copying electronic data from back-ups or originals
Sub-limit	In the risk details	In sub-clause 2.1.1	No reference	No reference
Value of Electronic Data	None	None	None	None

The Exclusions: NMA2914, NMA2915, NMA2914A and NMA2915A

Sub-paragraphs a) of NMA2914 and NMA2915, and Clauses 1.1.1 of NMA2914A and NMA2915A, effectively contain two exclusions:

1) An exclusion on loss of or damage to Electronic Data; and,

2) An exclusion on loss resulting from 1), above (i.e. an exclusion on loss resulting from loss of or damage to Electronic Data).

To the extent that Electronic Data may be considered property, the first exclusion may be regarded as a property exclusion; the second exclusion may then be considered a business interruption exclusion.

Definition of Electronic Data

The definitions of Electronic Data in NMA2914, NMA2915, NMA2914A and NMA2915A are identical and similar to those in many Property policies. If the underlying policy already has such a definition, however, then the definition of Electronic Data in NMA2914, NMA2915, NMA2914A and NMA2915A could be deleted.

Definition of Computer Virus

Since ‘computer virus’ is included as a cause of loss of or damage to Electronic Data, its definition is not material. Nonetheless, the definition of ‘Computer Virus’ in NMA2914, NMA2915, NMA2914A and NMA2915A poses interpretive difficulties –

1) if a computer virus is an unauthorised instruction or code, how is ‘authorisation’ determined? Practically, the vast majority of computer instructions and code will not have been ‘authorised’ by users or system administrators;

2) ‘propagate’ is typically used in the context of organisms being reproduced from parent stock. Here, the term is applied to instructions/code that ‘propagates’ through a computer system or network. But what of instructions/code on a single computer system that carries out a malicious operation but does not ‘propagate’? And what of malicious instructions/code that is transmitted by e-mail between computers that are not networked? Potentially, such instructions/code may not fit the definition of ‘computer virus’ in 1.1.3.

The above items are not exhaustive, though further analysis is beyond the scope of this analysis.

Listed Perils writeback: NMA2914 and NMA2915 only

Unlike NMA2914A and NMA2915A, NMA2914 and NMA2915 do provide cover in sub-clause 1(b) for property damage if:

1) loss of or damage to Electronic Data

causes

2) a Fire or Explosion.

On this basis, NMA2914A and NMA2915A may be regarded as inferior to NMA2914 and NMA2915. However, this sub-clause 1(b) in NMA2914 and NMA2915 only writes back cover for property damage such that business interruption losses remain excluded by sub-clause 1(a). This appears to be an unfair result for insureds – where the intention of the underlying policy is to pay business interruption loss that results from covered damage to property – since this intention is overridden by the endorsement.

What if the peril comes first? Exclusion prevails

While the listed perils writeback in NMA2914 and NMA2915 is beneficial, consider:

1) a peril insured by the policy (including but not limited to Fire or Explosion)

which causes

2) loss of or damage to Electronic Data

which, in turn, causes

3) further damage and business interruption.

The effect of NMA2914, NMA2915, NMA2914A and NMA2915A is that the loss of or damage to Electronic Data, the resultant property damage and the resultant business interruption are all excluded (i.e. 2) and 3), above). This outcome may justifiably be considered unfair for the Insured where the proximate cause of damage and business interruption is an insured peril. Nonetheless, the words ‘regardless of any other cause or event contributing concurrently or in any other sequence to the loss’ in sub-clauses 1(a) of NMA2914 and NMA2915, and sub-clauses 1.1.1 in NMA2914A and NMA2915A, are clearly intended to have this effect.

Basis of Valuation/Settlement: Electronic Data Processing Media Valuation

While NMA2914, NMA2915, NMA2914A and NMA2915A exclude loss of or damage to Electronic Data, the ‘Electronic Data Processing Media Valuation’ clause does provide for the reinstatement of Electronic Data, but this is conditional on covered damage to ‘electronic data processing media’.

For NMA2914, the basis of valuation (or basis of settlement) for ‘electronic data processing media’ is the cost to:

1) repair, replace or restore such media to its prior condition; and,

2) ‘reproduce’ any electronic data contained thereon.

NMA2914A provides the same basis of valuation if a sub-limit is specified in sub-clause 2.1.1.

However, for

1) NMA2914A where a sub-limit is not specified in sub-clause 2.1.1,

2) NMA2915, and

3) NMA2915A,

the basis of valuation for electronic data processing media is:

1) the cost of blank media; and

2) the costs of copying the electronic data from back-ups or originals.

These bases of valuation are inferior to that in NMA2914 because it does not include costs to ‘reproduce’ electronic data. In practice, there may not be any practical difference if the insured has back-ups of the electronic data. But if the insured does not have back-ups, then the term ‘reproduce’ may include activities to re-create, gather or assemble electronic data, because such activities are explicitly excluded in NMA2914A, NMA2915 and NMA2915A.

Sub-Limits

To summarise,

1) NMA2914 requires the sub-limit to be specified in the Risk Details;

2) NMA2915 and NMA2915A do not have sub-limits; and,

NMA2914A provides for a sub-limit to be entered in sub-clause 2.1.1, but sub-clause 2.1.2 addresses cases where no sub-limit is entered.

For NMA2914A, the absence of a sub-limit from sub-clause 2.1.1 is beneficial from an insured’s perspective for the reinstatement of the electronic data processing media, but this benefit may be outweighed by the detriment of the inferior basis of valuation.

Value of Electronic Data: none

Finally, NMA2914, NMA2915, NMA2914A and NMA2915A clarify that the policy does not insure the value of Electronic Data. While Electronic Data may be property for the purposes of the underlying policy, the value of such Electronic Data is an intangible asset and represents intellectual property. Intangible assets and intellectual property are not typically covered by property policies.