Tekedia Forum

You need to log in to create posts and topics.

ACT OF GOD: Insurance in the age of Cyber

Check that insurance policy, again. This is from a Fortune newsletter:

Act of God. A precedent-setting lawsuit is underway between Mondelez, the Fortune 500 snack-maker behind brands such as Nabisco, Oreo, and Cadbury, and Zurich American Insurance Company, its insurance provider. After a global cyberattack dubbed "NotPetya"—widely attributed to Russia—cost Mondelez more than $100 million in losses last year, the food giant filed a claim for coverage. Zurich has declined to reimburse its client, arguing that it is exempt from doing so under an exclusion policy for acts of war by foreign powers. Robert Stines, a partner at the Chicago-based law firm Freeborn, recently drew attention to the dispute with a perspicacious blog post on his website, TechLawX.

Zurich's position that NotPetya was a hostile or warlike act by a government or sovereign power might be the first of its kind, and should send a ripple through the insurance industry.
In a previous article, I briefly discussed the risk of having "cyber insurance" that excludes warlike or terrorist activity. For a company in the United States, there is little risk of property damage or loss from a warlike or terrorist attack. Rather than pay a higher premium for a policy that covers warlike or terrorist activity, companies happily accept policies with an exclusion. In the cyber age, however, risk managers may have to reconsider whether paying a lower premium is a smart decision in a world where cyber incidents are frequently perpetrated by state-sponsored actors.
The burden will fall on Zurich to prove NotPetya was indeed perpetrated by the Kremlin, which denies all involvement. It's an unenviable position; in the murky world of cyberwar, definitive attribution can be an onerous proposition.