An Insurance Company in the U.S. has Denied a Claim from a Manufacturer Whose Computer Network was Damaged by a Ransomware Attack
In a stunning case that is still making its way through the courts, a U.S. manufacturer is suing after being informed their insurance may not cover Ransomware attack damages. Based on wording in their insurance policy covering “physical loss or damage to electronic data, programs or software” caused by “the malicious introduction of a machine code or instruction.” snack-food manufacturer Mondelez filed a $100 million claim for damage caused to its network of 1,700 servers and 24,000 laptop computers after it was victimized by the NotPetya ransomware attacks in July 2017. Zurich America balked at the amount and offered a $10 million settlement. After the company rejected the settlement offer, Zurich America claimed their insurance may not cover ransomware based on an exclusion clause in the policy against losses caused by “hostile or warlike action in time of peace or war by any government or sovereign power.”
This matter is before the courts
Zurich America is denying the claim based on news reports at the time accusing the Russian government of creating the targeted Ransomware as part of its conflict with Ukraine. However, there has been no concrete proof that Russia was behind the attack, nor is there reason to believe that a U.S. based company so far removed from the conflict zone could be deemed as having been part of the “collateral damage”. The judge in the case may be forced to rule on the validity of Zurich America’s claim. It is feared that this case, regardless of outcome, could have long lasting effects on the insurance policies of other companies, leading to either reductions in coverage or massive increases in premiums.
If you have insurance coverage for damages to computer networks caused by viruses and other malicious software, you are encouraged to carefully read your policy for exclusions and contact your carrier for further guidance.
Jack Eisenberg is the owner of Safe and Secure Computing and regularly contributes computer security related articles.