Earlier this month, pharma-giant Merck won a $1.4 billion lawsuit over insurance companies’ duty to pay for the damages stemming from the 2017 NotPetya cyberattack.
Though insurance has shifted a lot in the cyber realm since 2017, the case is still a learning opportunity for enterprises.
NotPetya was a catastrophe, causing untold billions of dollars of damage worldwide through wiper malware designed to look like ransomware.
The consensus among Western nations is that NotPetya was a Russian attack on Ukraine that globally ran amuck, causing companies like Merck to suffer massive losses.
Merck’s insurance, like the vast majority of insurance, had a clause excluding acts of war. But a New Jersey judge ruled that the clause excluding war was intended for armed conflict, not cyber conflict.