RiskEvents

Developing event. Generated by AI and subject to further corroboration and review.

DevelopingLow impactAI Refreshed

Central Bank of Libya Isolates Systems Following Cyber Attack

Occurred 9 Jun 2026·Detected 14 Jun 2026·
🇱🇾 Tripoli, Libya2 reports
CyberPolitical RiskCyber

Libya's Central Bank disclosed a cyber incident affecting some of its systems, prompting isolation of affected components while core banking services continue. No confirmed indicators of customer account impact have been reported, and technical investigations remain ongoing. The event occurred in a JWC-listed jurisdiction of active conflict and political instability, raising latent political-risk and cyber treaty considerations, though no quantified loss or named insured linkage is presently established.

AI-generated from linked source reports. See our correction policy.

Impact verdict

Low impact. LOW: Source evidence does not establish a concrete London Market loss pathway — no named insured asset damage, no confirmed data or financial loss, no sanctions or regulatory action, and no market pricing impact. Sovereign cyber incidents in active-conflict jurisdictions carry latent political risk and potential financial-institution or cyber treaty exposure, but absent any quantified loss, named insured linkage, or service outage affecting market participants, insured severity remains low.

View assessment methodology

How we grade what we know -- Known · Reported · Uncertain. Methodology →

Intelligence ledger

Each line expands in place to its underlying sourced claim.

AI refreshed 14 Jun 2026, 23:13

Known10 lines

Central Bank of Libya experienced a cyber incident affecting some of its systems
structured lineknown
No separate sourced-claim record is available for this line yet.
Affected systems were isolated following the attack
structured lineknown
No separate sourced-claim record is available for this line yet.
Core banking services continue to operate
structured lineknown
No separate sourced-claim record is available for this line yet.
Technical investigations are ongoing
structured lineknown
No separate sourced-claim record is available for this line yet.
The incident occurred in a JWC-listed area of active conflict and political instability.
cbl_jwc_active_conflict_contextcontextualvalid from 9 Jun 2026, 00:00Political Risk
Market relevance: Adds political risk and war/cyber aggregation context
Al Jazeera Arabic · 9 Jun 2026, 13:57 · mainstream media
Supersession history: 1 prior/revised claim rows.
Libya's Central Bank disclosed a cyber incident affecting some of its systems.
cbl_cyber_incident_disclosedcontextual risk signalvalid from 14 Jun 2026, 03:42Cyber
Market relevance: Sovereign / financial institution cyber incident in JWC-listed active-conflict jurisdiction; latent political risk and cyber treaty exposure.
تحقيقات فنية مستمرة بعد تعرض بعض أنظمة مصرف ليبيا المركزي لحادث سيبراني مع استمرار الخدمات الأساسية” — Al Jazeera Arabic · 9 Jun 2026, 13:57 · mainstream media
Supersession history: 1 prior/revised claim rows.
Affected systems were isolated following the attack as a containment measure.
cbl_systems_isolatedcontextual risk signalvalid from 14 Jun 2026, 03:42Cyber
Market relevance: Isolation is consistent with incident-response containment; no broader outage affecting market participants reported.
تحقيقات فنية مستمرة بعد تعرض بعض أنظمة مصرف ليبيا المركزي لحادث سيبراني مع استمرار الخدمات الأساسية” — Al Jazeera Arabic · 9 Jun 2026, 13:57 · mainstream media
Supersession history: 1 prior/revised claim rows.
Technical investigations into the cyber incident are ongoing.
cbl_technical_investigation_ongoingcontextual risk signalvalid from 14 Jun 2026, 03:42Cyber
Market relevance: Active investigation; further detail on scope, actor, and impact pending.
تحقيقات فنية مستمرة” — Al Jazeera Arabic · 9 Jun 2026, 13:57 · mainstream media
Supersession history: 1 prior/revised claim rows.
Technical investigations into the cyber incident are ongoing.
cbl_investigation_ongoingstatusvalid from 9 Jun 2026, 00:00Cyber
Market relevance: Scope and impact remain to be determined
تحقيقات فنية مستمرة” — Al Jazeera Arabic · 9 Jun 2026, 13:57 · mainstream media
Core banking services continue to operate despite the cyber incident.
cbl_core_services_continuestatusvalid from 9 Jun 2026, 00:00Cyber
Market relevance: Limits direct financial-institution outage impact assessment
مع استمرار الخدمات الأساسية” — Al Jazeera Arabic · 9 Jun 2026, 13:57 · mainstream media
Supersession history: 1 prior/revised claim rows.

Reported5 lines

No confirmed indicators that customer accounts were affected
structured linereported
No separate sourced-claim record is available for this line yet.
The incident occurred in a JWC-listed area of active conflict and political instability.
libya_jwc_active_conflict_jurisdictioncontextual risk signalPolitical Risk
Market relevance: Raises latent political-risk, war, and sovereign-credit considerations; relevant to political-risk and trade-credit treaties.
Al Jazeera Arabic · 9 Jun 2026, 13:57 · mainstream media
No confirmed indicators have been reported that customer accounts were affected.
cbl_no_confirmed_customer_account_impactcontextual risk signalvalid from 14 Jun 2026, 03:42Cyber
Market relevance: Limits immediate data-breach / financial-loss assumptions; subject to update as forensics proceed.
تحقيقات فنية مستمرة بعد تعرض بعض أنظمة مصرف ليبيا المركزي لحادث سيبراني مع استمرار الخدمات الأساسية” — Al Jazeera Arabic · 9 Jun 2026, 13:57 · mainstream media
Supersession history: 1 prior/revised claim rows.
No confirmed indicators have been reported that customer accounts were affected by the incident.
cbl_no_customer_account_impact_confirmedfactvalid from 9 Jun 2026, 00:00Cyber
Market relevance: Limits immediate retail/counterparty exposure assessment
لا مؤشرات مؤكدة على تأثر حسابات العملاء” — Al Jazeera Arabic · 9 Jun 2026, 13:57 · mainstream media
Core banking services continue to operate despite the incident and isolation measures.
cbl_core_services_continuingcontextual risk signalvalid from 14 Jun 2026, 03:42Cyber
Market relevance: Continuity of core services limits near-term systemic financial-institution outage impact.
مع استمرار الخدمات الأساسية” — Al Jazeera Arabic · 9 Jun 2026, 13:57 · mainstream media

Uncertain14 lines

Nature and origin of the attack (ransomware, DDoS, state-sponsored, etc.)
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Extent of data compromise or financial loss
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Identity of the threat actor
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Whether the incident will trigger regulatory or sovereign credit implications
structured lineuncertain
No separate sourced-claim record is available for this line yet.
The nature and origin of the attack (ransomware, DDoS, state-sponsored, or other) has not been disclosed.
cbl_attack_vector_uncertaincontextCyber
Market relevance: Affects potential aggregation and attribution scenarios
Al Jazeera Arabic · 9 Jun 2026, 13:57 · mainstream media
Nature and origin of the attack (e.g., ransomware, DDoS, state-sponsored, criminal) are not disclosed.
cbl_attack_nature_uncertaincontext onlyCyber
Market relevance: Attribution and vector drive cyber treaty and war/cyber exclusion considerations; currently unconfirmed.
Al Jazeera Arabic · 9 Jun 2026, 13:57 · mainstream media
Identity of the threat actor has not been disclosed or confirmed.
cbl_threat_actor_uncertaincontext onlyCyber
Market relevance: Threat actor identity drives war/cyber exclusion and accumulation considerations.
Al Jazeera Arabic · 9 Jun 2026, 13:57 · mainstream media
Extent of any data compromise or financial loss has not been disclosed.
cbl_data_or_financial_loss_extent_unknowncontextual risk signalCyber
Market relevance: No quantified loss prevents insured-severity banding; relevant to cyber, financial-institution, and political-risk treaty monitoring.
Al Jazeera Arabic · 9 Jun 2026, 13:57 · mainstream media
The extent of any data compromise or financial loss has not been disclosed.
cbl_loss_extent_uncertainlossCyber
Market relevance: Without quantified loss, no London Market loss pathway can be established
Al Jazeera Arabic · 9 Jun 2026, 13:57 · mainstream media
Extent of any data compromise or financial loss is not known.
cbl_data_financial_loss_uncertaincontext onlyCyber
Market relevance: Quantified loss not available; cannot map to insured severity banding.
Al Jazeera Arabic · 9 Jun 2026, 13:57 · mainstream media
Whether the incident will trigger regulatory action, sanctions, or sovereign credit implications is uncertain.
cbl_regulatory_or_sovereign_credit_implications_uncertaincontextual risk signalPolitical Risk
Market relevance: Potential secondary effects on trade-credit, political-risk, and financial-institution lines if regulatory or credit actions materialize.
Al Jazeera Arabic · 9 Jun 2026, 13:57 · mainstream media
Whether the incident will trigger regulatory, sanctions, or sovereign credit implications is not yet known.
cbl_no_regulatory_credit_implication_knowncontext onlyPolitical Risk
Market relevance: Regulatory or sovereign credit actions could affect political risk and trade credit exposures.
Al Jazeera Arabic · 9 Jun 2026, 13:57 · mainstream media
Nature and origin of the attack (e.g. ransomware, DDoS, state-sponsored, criminal) have not been disclosed.
cbl_attack_vector_unknowncontextual risk signalCyber
Market relevance: Attack-vector uncertainty constrains treaty accumulation and attribution assessments for cyber and political-risk markets.
Al Jazeera Arabic · 9 Jun 2026, 13:57 · mainstream media
Identity of the threat actor has not been disclosed or attributed.
cbl_threat_actor_unattributedcontextual risk signalCyber
Market relevance: Attribution uncertainty affects political-risk and war/cyber treaty coverage considerations.
Al Jazeera Arabic · 9 Jun 2026, 13:57 · mainstream media

Geographic Zone Matches

2 active matches

  • Libya (12nm coastal buffer)
    Rule-basedConfidence 100%
  • JWC Listed Areas
    Rule-basedConfidence 100%

Geographic zone matches are RiskEvents spatial/analytical indicators, not coverage determinations or Lloyd's official classifications.

Affected countries

🇱🇾 Libya

Latest developments

  • Summary refreshed from cited evidence.
  • Impact rationale refreshed from cited evidence.
  • Central Bank of Libya confirms cyber incident affecting some systems. Al Jazeera Arabic
  • Central Bank of Libya isolated affected systems as a containment measure. Al Jazeera Arabic
  • Core banking services at Libya's Central Bank continue to operate. Al Jazeera Arabic
  • Technical investigations into the incident are ongoing. Al Jazeera Arabic
  • No confirmed indicators of customer account impact have been reported. Al Jazeera Arabic
  • Attack vector and origin remain undisclosed pending investigation. Al Jazeera Arabic

Timeline

Status Change15 Jun 2026, 05:14

Status changed to developing

evidence_trigger: corroboration >= 2

signal -> developing

Corroboration15 Jun 2026, 05:14

A cyberattack has hit the systems of Libya's Central Bank, prompting a banking sector alert. The article reports disrupted central bank operations in Libya, a country with minimal London specialty insurance market exposure. No commercial or insured asset losses are identified.

Source: Asharq Al-Awsat (Arabic) (Mainstream Media) · View source

Initial Detection14 Jun 2026, 03:42

Initial Detection

Libya's Central Bank disclosed a cyber attack on some of its systems, prompting isolation measures while core services continue. No confirmed indicators of customer account impact were reported. Technical investigations are ongoing, with the event occurring in a JWC-listed area of active conflict and political instability.

تحقيقات فنية مستمرة بعد تعرض بعض أنظمة مصرف ليبيا المركزي لحادث سيبراني مع استمرار الخدمات الأساسية

Source: Al Jazeera Arabic (Mainstream Media) · View source

Lloyd's classifications

Tracking this kind of risk? Get an email when Cyber events escalate.

Get alerts
← Back to live events