Mondelēz Settlement of NotPetya Case Renews Concerns About Cyber ​​Insurance Coverage

This voice is auto-generated. Please let us know if you have any feedback.

Mondelez International, the global snack brand behind Oreo cookies and Ritz crackers, has settled a massive 2018 lawsuit against insurer Zurich American for more than $100 million in claims related to the NotPetya cyberattack. did.

A multi-year trial that was nearing a conclusion before the contract reached last month centered on whether insurers could refuse to pay because of the exclusion of traditional acts of war. A 2017 attack that damaged 24,000 laptops was linked to a Russia-affiliated nation-state threat actor using the EternalBlue exploit.

While the specific terms remain confidential, the settlement has rekindled concerns that attacks related to Russia’s invasion of Ukraine and other global disputes could lead to new business interruption claims, prompting insurers to puts more pressure on

According to Gartner Vice President Analyst Katell Thielemann, the NotPetya incident involved an attack on Ukrainian tax preparation software that halted the global manufacturing operations of some of the world’s largest multinationals. It is said that it was connected to

“This should have been a wake-up call for years,” Thielemann said. “However, many organizations are just beginning to pay attention to the security state of their cyber-physical systems in production.”

While we are unable to address the details of the Mondelē z case, the development is seen as another indicator of how important policy wording clarity is to the overall underwriting process, AM said. said Sridhar Manyem, Director of Industry Research and Analysis. number one.

“Lloyd’s of London requires insurance companies to: Rule out devastating nation-state based cyberattacks From standalone cyber reports,” Manyem said in an email. “Other insurers need to look carefully at unintended (silent, non-positive) losses and positive cyber losses that may be attributed to acts of war or state-based actors. may not be priced.”

Data released in October from Marsh Premium rates are still rising significantly, but the pace of their increase is beginning to slow. Average premium rates rose 54% in the July quarter compared to his 133% rise in the December quarter.

According to Moody’s, rising prices and tightening underwriting standards will reduce the loss ratio for cyber insurers to 65% by the end of 2021. The report cites Beazley data showing a cyber loss rate of 49%, compared to 69% at the end of 2021.

However, the cyber insurance industry continues to see strong demand for new policies. The market is expected to reach $22 billion by 2025 from $9.2 billion earlier this year, according to a Moody’s report, citing data from Munich Re.

S&P points out that insurers have in some cases. Cancellation of unsuccessful contracts by the policyholder To meet security standards. In other cases, especially in situations involving ransomware or business interruption, insurers are readjusting policy terms, increasing retention levels, or reducing coverage for certain types of losses. .

The cybersecurity community and the insurance industry are closely watching attacks against US entities related to the Ukraine war, and the insurance industry is watching how the government responds to these attacks.

Law firm partner Annmarie Giblin said, “The timing of this dispute is surprising because cyber warfare is universally excluded from positive cyber insurance policies and wording for those exclusions is still being crafted. It is.” of Hinshaw & Culbertson. “Thus, these new exclusions and the manner in which such exclusions are attributed to states could be significantly influenced by how the U.S. government reacts and responds to these recent cyberattacks. ”

Leave a Comment