What Enterprises Should Learn From Merck’s $1.4B Insurance Lawsuit

Earlier this month, pharma-giant Merck won a $1.4 billion lawsuit over insurance companies’ duty to pay for the damages stemming from the 2017 NotPetya cyberattack.

Though insurance has shifted a lot in the cyber realm since 2017, the case is still a learning opportunity for enterprises.

NotPetya was a catastrophe, causing untold billions of dollars of damage worldwide through wiper malware designed to look like ransomware.

The consensus among Western nations is that NotPetya was a Russian attack on Ukraine that globally ran amuck, causing companies like Merck to suffer massive losses.

Merck’s insurance, like the vast majority of insurance, had a clause excluding acts of war. But a New Jersey judge ruled that the clause excluding war was intended for armed conflict, not cyber conflict.