"Zurich and Mondelez Reach NotPetya Settlement, but Cyber-Risk May Increase"
Zurich American Insurance and Mondelez International have recently settled their dispute over the confectionary giant's $100m claim related to the 2017 NotPetya cyberattack. The lawsuit has been widely considered a test case for property war exclusions concerning cyberattacks. Julia O'Toole, CEO of MyCena Security Solutions, stated that this widely publicized case between Zurich and Mondelez International has paved the way for how future insurance claims relating to nation-state breaches will be handled. According to court documents seen by Law360, the parties have mutually resolved the matter, but details of the settlement were not provided. Mondelez initially tried to claim roughly $100m in losses related to the 2017 NotPetya events under its "all-risk" property insurance. The malware reportedly damaged 1700 of its servers and 24,000 laptops, disrupting distribution and customers. Zurich, in turn, invoked the policy's war exclusion, which excluded loss or damage caused by or resulting from hostile or warlike action by any government or sovereign power or their agents (since NotPetya threat actors were associated with Russia). Because of the insurance claim made by Mondelez, it triggered action by insurers to eliminate silent cyber coverage within traditional insurance policies. According to O'Toole, insurers can no longer afford to cover cyber negligence, and a big focus for them in the coming months will be around network access and network segmentation. O'Toole noted that insurers will want to see organizations getting better control over their user access credentials, so they are not so easy for attackers to steal. O'Toole stated that when organizations are not following good cybersecurity practices in the future, they may struggle to get insurance or find their current policies are no longer valid. According to a new report by Marsh, many organizations will miss out on cyber insurance in 2023.
Infosecurity reports: "Zurich and Mondelez Reach NotPetya Settlement, but Cyber-Risk May Increase"