With ransomware attacks on the rise, more companies are buying cyber insurance to protect themselves against data hijacks and the consequent loss of business. But at least one cyber insurer is rejecting a claim related to NotPetya, a form of ransomware that threatens to delete files on computers and servers unless a ransom is paid.

Deerfield, Illinois snack-food company Mondelēz International said the NotPetya virus triggered the shutdown of about 1,700 servers and 24,000 laptops, creating bedlam at factories and stopping production. The company tallied the damages at $100 million.

The company filed a claim with Zurich American Insurance for losses under a clause in its policy covering “physical loss or damage to electronic data, programs or software” caused by “the malicious introduction of a machine code or instruction.”

Zurich argues that this attack was an “act of war” and therefore not covered under its policy. It cited U.S. government-supported claims by the British government that the Russian military was behind the cyber attack as part of its ongoing conflict with Ukraine. Zurich’s exclusion clause in the policy does not cover losses caused by “hostile or warlike action in time of peace or war by any government or sovereign power.”

The insurance dispute is headed to an Illinois court and the outcome may set a precedent for future ransomware damage claims.

If the court gets a chance to rule on the act-of-war issue, many companies could find that they suddenly lack the coverage they thought they had and were paying for. Insurance firms may be forced to issue new policies that specifically cover state-sponsored cyber attacks. Such policies would likely become prohibitively expensive for all but the largest firms.

Contact us today.
(410) 729-0440 | Email