Page 29 - Insurance Times August New 2023
P. 29
launched in June 2017 on the eve of Ukrainian Constitution some liability, the majority of the participants of the insurance
Day. The report of the attack first came from Ukrainian program led by Chubb (ACE American Insurance Company)
companies, but soon spread across the world. The cyber attack denied the claim on the grounds of exclusion of war, as the
impacted various business organizations and government perpetrators of the attack were linked to the sovereign
entities spread across more than sixty-four nations around nation-state of Russia.
the world. Among those affected were the US
Mondelez International incurred damage of 100 million USD
pharmaceutical company Merck & Co, with an estimated
when the attack infected 24,000 laptops and 1,700 servers.
damage of $870,000,000; multinational food and beverage
Mondelez's policy covered "physical loss or damage to
company Mondelez International, with an estimated
electronic data, programs, software, including physical loss
damage of $188,000,000; Danish shipping conglomerate
or damage caused by the malicious introduction of machine
Maersk, with an estimated damage of $300,000,000 and
code or instruction" and thus considering the circumstance
even Russia's state-owned oil giant Rosneft. The total damage
of the attack they also raised a claim in their policy. Mondelez
from the NotPetya attack, as estimated by the White House
also confirmed in the court filings that the policy was updated
stood at $10 billion.
in 2016 to include losses caused by "malicious introduction of
machine code or instruction". However, the insurer Zurich
The American government blamed the attack on the Russian
American Insurance distanced itself from the claim raised by
military. A cyber warfare group by the name of Sandworm,
Mondelez International. Like in the case of Merck, here too
working under the Russian military intelligence service, was
the exclusion of war in Mondelez's insurance was used as the
identified as the main perpetrator of the attack. The Federal
ground for the denial of the claim (exclusion B.2(a) in the
Bureau of Investigation, USA even named 6 GRU (Russian
concerned policy).
Military) officials as the hackers involved in the said attack.
The United Kingdom and Australian governments also put The claim repudiation letter, dated June 1, 2018,
the responsibility for this attack on the Russian Military and defined war as :
Government. Many experts considered the attack an
"Hostile or warlike action in time of peace or war including
extension of the armed conflict between Ukraine and Russia.
action in hindering, combating, or defending against an
actual, impending, or expected attack by any
The Cases: i) Government or sovereign power (de jure or de facto)
As per court documents Merck's computer system got infected ii) Military, naval, or air force; or
which included more than 40,000 machines integrated with
iii) Agent or authority of any party specified in i or ii above."
its global network and reported damage to the tune of $1.4
billion. Merck preferred a claim in its global property insurance
Both the insured reached court to seek remedy which started
which had a consortium of insurers led by subsidiaries of
a lengthy litigation process.
Chubb. Following the claim while some insurers admitted to
The verdict:
In January 2022 the Superior Court of New Jersey awarded
Merck the victory, disallowing the insurer's application of war
exclusion. The court in its wisdom didn't even get into the
question of whether a sovereign nation-state was behind the
attack but instead focused on interpreting the term war in
its most obvious and literal sense. The Court decided that the
cyber attack can't be termed as a hostile act or war even if it
originated from a foreign sovereign-backed entity. The judges
were of the opinion that describing the cyber attack as war
meant stretching the term to its 'outer limit'. The fact that
Mercer itself is a non-military company further went in its
favor and was considered collateral damage. The judgment
The Insurance Times August 2023 23
