Mondelez’s Action against Zurich Signals Potential Gap in Cyber Policies
After the food and beverage conglomerate Mondelez International became a victim of the NotPetya ransomware attack in June 2017, around 1,700 of its servers and 24,000 of the company’s laptops were suddenly permanently unusable, not to mention other fallout, such as commercial supply and distribution disruptions, theft of credentials from many users, and unfulfilled customer orders, leading to losses that totalled more than $100 million.
“While the policy at issue is a property policy, the reason why this case is getting so much attention by the cyber insurance community is because the insurance company has denied coverage based on the war exclusion,” said James Carter (pictured), Of Counsel in Blank Rome’s policyholder-only insurance recovery practice, adding that a war exclusion appears in virtually every cyber insurance policy. “We don’t know specifically from the complaint the insurer’s rationale for raising the exclusion, but the NotPetya attack reportedly originated with Russia in its effort to destabilize the Ukraine. Because the virus had its origin in the activities of a sovereign state, that appears to be the reason why the insurance company is invoking the exclusion.”
"Mondelez’s Action against Zurich Signals Potential Gap in Cyber Policies," by Alicja Grzadkowska was published in Insurance Business Magazine on April 4, 2019.