Zurich is refusing to pay out a $100m cyberattack damages claim by Cadbury owner Mondelez, which was hit by a series of ransomware attacks in 2017.
The insurance firm claims the policy did not cover “a hostile or warlike action” by a government or sovereign power, or by agents acting on behalf of one.
Attribution is so difficult in cybersecurity incidents. This case could make it pretty easy for insurance companies to play the nation-state actor 'get out of jail' card.
Imagine the business impact of having 1,700 servers and 24,000 laptops destroyed. And then when the time comes for your insurance company to pay the claim you receive the reply: "Computer says no."
Time to pull your insurance contract and read the fine print?
Mondelez believes its property insurance policy should cover damage to 1,700 of its servers and 24,000 laptops. Multinational food and beverage company, Mondelez, has launched a legal case against its insurance provider, Zurich, after it rejected a $100 million (£78.5 million) claim for damage caused by a ransomware attack. The firm, which owns the Cadbury, Toblerone and Ritz brands, was hit twice by NotPetya ransomware in 2017. Mondelez claimed that the attack had left 1,700 of its servers and 24,000 laptops “permanently dysfunctional”.