When the United States government assigned responsibility for NotPetya to Russia in 2018, insurers were provided with a justification for refusing to cover the damage. Just as they wouldn’t be liable if a bomb blew up a corporate building during an armed conflict, they claim not to be responsible when a state-backed hack strikes a computer network.
The disputes are playing out in court. In a closely watched legal battle, Mondelez sued Zurich Insurance last year for a breach of contract in an Illinois court, and Merck filed a similar suit in New Jersey in August. Merck sued more than 20 insurers that rejected claims related to the NotPetya attack, including several that cited the war exemption. The two cases could take years to resolve.
via Big Companies Thought Insurance Covered a Cyberattack. They May Be Wrong. – The New York Times.