![]() ![]() 11, might apply to cyberattacks like NotPetya, though the Treasury Department has begun soliciting feedback on how to do that. Nor have they helped clarify the extent to which existing government insurance backstops for terrorism, as laid out in the Terrorism Risk Insurance Act (TRIA) passed after the attacks of Sept. Policymakers in several states and countries have taken an active interest in cyber insurance in the years since Mondelez’s suit against Zurich was filed, but they have done little to resolve the persistent uncertainty over what types of cyberattacks fall under insurance policy war exclusions. The June 1, 2018, letter to Mondelez denying their claim pointed to Exclusion B.2(a) in the company’s policy that specifically excluded coverage for any losses or damages resulting from “hostile or warlike action in time of peace or war, including action in hindering, combating or defending against an actual, impending or expected attack by any … government or sovereign power.” Cyberwar, the company argued, didn’t fall under the purview of its property insurance policies. Just two months earlier it had denied Mondelez’s claim for $100 million in NotPetya-related damages under its Zurich all-risk property insurance policy, pointing to the warlike nature of NotPetya. Andy Greenberg at Wired, for example, has explored the malware in terrific detail, so when he declared in August of 2018 that “the release of NotPetya was an act of cyberwar by almost any definition,” it encapsulated the thinking of insurers like Zurich. While the case remains undecided, insurance carriers and policyholders alike remain in a state of some uncertainty about what types of cyberattacks their coverage does and does not apply to, and policymakers have been slow to provide help to either side by, for instance, defining what types of assistance they might be willing to provide or what they expect from insurers by way of clarification.īecause it caused so much damage and was driven by broader political motivations, NotPetya is one of the most closely studied cyberattacks in history. The ensuing lawsuit between Mondelez and Zurich over whether NotPetya was actually sufficiently “warlike” to trigger the exception in Mondelez’s policy will have far-reaching consequences for both buyers and sellers of cyber insurance policies. So Mondelez filed a claim for the costs with its insurer, Zurich-only to then have that claim denied on the grounds that NotPetya was a warlike action and therefore excluded from Mondelez’s property and casualty insurance coverage. For Mondelez, the total damages were estimated at more than $100 million. Mondelez couldn’t have less to do with the tensions between Russia and Ukraine, but the company’s computer systems were still affected by NotPetya as it spread around the world. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |