The FT reports today that US food giant Mondelez is suing insurer Zurich for refusing to pay out on a claim associated with the NotPetya attack which affected the business, along with many others, in the summer of 2017.
It was only a matter of time before we saw insurance companies, who will have had several claims of this kind of recent years, start to challenge what they are actually responsible for covering. However, a number of commentators have noted that invoking a war clause to avoid liability is an unprecedented move.
All this speaks to the need for companies, particularly large international corporates, to have IT systems which are fit for purpose. In the cyber-first world we work in, security is only just reaching the c-suite as a priority focus, with the CSO or CISO is now being given more credence and increasingly a seat on the board. The understanding of security and its importance to the business must go beyond physical assets and user education and be part of the very fabric of the business.
2019 will likely see not only more creative and challenging cyber attacks, but it will see many more of these cases hitting the headlines. Businesses, insurers and cyber security vendors need to come together to ensure all their business are fit for the cyber landscape today, and in the future.
the case could have wide implications for the insurance market, potentially pushing insurance buyers to either buy cyber-specific policies or demand tighter terms for their non-cyber coverage.