Zurich, Mondelez case to test cyber insurance
Mondelez, the US food company that owns the Oreo and Cadbury brands, is suing Zurich Insurance for refusing to pay out on a $100 million claim for damage caused by the NotPetya cyber attack. The case is seen as the first major legal dispute over how companies recover the costs of a cyber attack.
The lawsuit, filed in Cook County Circuit Court in Illinois, will have a big impact on cyber insurance, according to Deborah Chang, vice president of public policy at HackerOne, a vulnerability coordination and bug bounty platform that connects businesses with cybersecurity researchers.
Chang points out that the Mondelez case has much larger implications when it comes to evaluating cyber risk within an organization. No longer confined to cybersecurity teams, cyber insurance can now involve the chief financial officer’s office, general counsel, the board of directors, and others.
The NotPetya attack happened in the summer of 2017 and affected the computer systems of many companies across the globe, including pharmaceuticals company Merck and shipping group Maersk, causing billions of dollars of damage.
PCS Global Cyber estimates insured losses from NotPetya to be greater than $3 billion, with 90 percent of that attributable to silent cyber.
In the court papers Mondelez said it had been hit twice by NotPetya, with 1,700 of its servers and 24,000 laptops rendered “permanently dysfunctional”, according to a January 10 Financial Times article.
Mondelez made a claim for the costs on its property insurance policy that, it said, provided cover for “physical loss or damage to electronic data, programmes, or software, including physical loss or damage caused by the malicious introduction of a machine code or instruction”, the Financial Times noted. Zurich reportedly initially worked to adjust the claim in the usual way and at one point promised to make a $10 million interim payment. However, it later refused to pay, relying on an exclusion in the policy for “a hostile or warlike action” by a government or sovereign power or people acting for them, the Financial Times noted.
The attack has been blamed by Western states on Russian hackers attacking the Ukrainian government.
Chang commented: “No matter what the resolution of this lawsuit is, it is clear that the team responsible for the purchase of an insurance policy must now be hyperaware of cybersecurity risk. Specifically, how a cybersecurity breach, even if it is not as public and not as large as NotPetya, will be covered under a policy, what tools are in place to prevent loss from bad actors, what the threats are, how vulnerabilities are mediated, where the threats could be and most importantly, what tools need to be in place to prevent the breach. We encourage more cooperation and collaboration between all functions with an organization to the issue of cybersecurity and cyber risk”, she said.