Reinsurance News

Zurich settles NotPetya cyber lawsuit

7th November 2022 - Author: Matt Sheehan

Switzerland-headquartered insurer Zurich has reached a settlement with multinational food and beverage company Mondelez International to close a $100 million lawsuit brought against the insurer for refusing to pay out on cyber claims related to the 2017 NotPetya attack.

Details of the settlement have not been disclosed, but notably it comes midway through a case that many in the re/insurance industry had hoped would set a legal precedent around issues of acts of war in cyber coverage.

Zurich had denied claims from Mondelez on the grounds that the NotPetya attack, which initially targeted Ukrainian organizations, had been a state-sponsored attack by Russia and therefore fell under its act of war exemptions.

Firms such as Mondelez were considered to have taken collateral damage as the malware spread beyond its initial targets, with Mondelez claiming to have incurred $100 million of damages after having 24,000 laptops and 1,700 servers wiped out on its network.

Believing this represented clear physical loss or damage under its cyber insurance policy, Mondelez therefore brought a lawsuit against Zurich to contest the interpretation of its war exemptions.

Insurers have since been looking to this case for a clear verdict on how policy wordings and exclusions on this nascent class of business would hold up under intense legal scrutiny.

This early settlement by Zurich is thus an unsatisfactory conclusion for many, although it does indicate that Zurich perhaps saw that the court was beginning to weigh in favor of Mondelez and sought to wrap things up while there was still room to negotiate terms.

Nevertheless, the case will still have significant implications for cyber coverage and policy wordings going forward, particularly following a similar ruling in January, when a US court sided with global pharmaceutical company Merck on NotPetya claims.

For instance, commentators have suggested that insurers might seek to limit payouts for NotPetya-type incidents in future, or will look to introduce new exclusions and shift away from act of war language, which could be more open to dispute and interpretation.
