So, this was a bit of an eye-opener on the financial effects from the latest corporate Malware breaches; Insurance Companies are declining coverage on the latest corporate malware breaches! In a recent article in the New York Times, it was brought to light that Mondelez International, a major global player in the food industry and one of hundreds of companies affected worldwide by the NotPetya attack in 2017, would have to bear the full burden of the more than $100MM financial hit the company experienced. Company executives had expected that their insurer, Zurich Insurance, to reimburse Mondelez for the financial blow it had suffered, only to be declined. Zurich had cited a common “war exclusion” clause that protected it and other insurers from being responsible for costs related to the damage from war. Mondelez was the unfortunate collateral damage in a never-ending cyberwar.
According to the NYT article, the 2017 NotPetya attack “was a watershed moment for the insurance industry”. Insurers, since then, have been utilizing the “war exclusion” clause in order to avoid claims related to digital attacks. Further justification was provided to insurers when the US government assigned responsibility for the NotPetya malware to Russia in 2018.
Naturally, Mondelez was not the only large conglomerate that was adversely affected by this shift coverage responsibility by the insurance industry; pharmaceutical goliath Merck, who had suffered a NotPetya attack causing to the tune of $700MM in damage, had also been denied claims from its insurer. Needless to say, disputes are still playing out in court with these major players suing their insurers for rejecting claims related to the NotPetya attack based on the “war exclusion” clause. It is expected that these cases will take years to resolve. The results of the legal fights will set major precedents regarding who pays when businesses are hit by cyberattacks blamed on foreign governments, especially when many of these insurance policies explicitly cover “cyber events” (i.e. cyber attacks).
Unfortunately, cyberattacks are a unique challenge for insurers since malware moves fast and unpredictably; often leaving a broad and expensive swath of destruction in its wake. Risks can no longer be contained and limited in such an interconnected cyber landscape. According to some industry experts, there are a multitude of insurers who are currently sitting on insurance policies that were never underwritten nor understood to cover cyber risk. Many insurers had no idea of the kind of losses that could be faced from cyber attacks such as NotPetya; but they are quickly realizing the depth of the potential harm. As such, many insurance companies are rethinking their coverage of these types of events.
Reflecting on the above, do you know if YOUR organization is covered in the event of a cyber attack? With the ongoing lawsuits against the insurers, it may be years before the final judgement is in on whether or not the insurance companies are responsible and liable for providing relief against these types of attacks. In the mean time, almost assuredly, the costs of premiums for insuring against these attacks will be going up.
Again, we come back to our all-encompassing “Detect and Block” approach to cyber security. Having to rely on an insurance payout to make your organization “whole” again after a cyber attack is so reflective of the “Detect and Remediate” mindset that continues to be followed by most of the industry and, in our view, is the much much more expensive approach. With Wedge’s Advanced Malware Blocker, an attack by NotPetya would have easily been detected and blocked BEFORE it had a chance to get into the network and cause so much damage. With Wedge’s patented Deep Content Inspection, alongside the orchestrated best-in-breed malware heuristics and artificial intelligence neural engine, even a new, never-before-seen variation of the NotPetya malware (and other major global attack malware such as WannaCry, CoinMiner, Zeus, etc.) would have been detected and blocked in real-time!
Once again, if your organization is at risk and if you’re not sure whether your insurance provides coverage in the event of a malware breach, perhaps it’s time to consider the “Detect and Block” approach to your network security. Then, you won’t have to worry about whether your insurance provides you coverage. Feel free to get in touch with our team at firstname.lastname@example.org. We offer a FREE 90 day trial of the Wedge Advanced Malware Blocker. You have nothing to lose and everything to gain!