Cybersecurity Insurance Not Paying for NotPetya Losses
This will complicate things:
To complicate matters, having cyber insurance might not cover everyone’s losses. Zurich American Insurance Company refused to pay out a $100 million claim from Mondelez, saying that since the U.S. and other governments labeled the NotPetya attack as an action by the Russian military their claim was excluded under the “hostile or warlike action in time of peace or war” exemption.
I get that $100 million is real money, but the insurance industry needs to figure out how to properly insure commercial networks against this sort of thing.
roenigk • March 8, 2019 7:21 AM
Isn’t this a good thing? If corporations were reimbursed for such malware attacks, in-house risk would be dramatically reduced. Their required investment to prevent same could be justifiably reduced.
Being at-risk for all damage places IT security as an existential threat to the company. The board and management would be negligent if they did not take it seriously.