Mondelez, the American Food, Confectionary, and Beverage Company has threatened Switzerland based Zurich Insurance with a lawsuit to pay the $100m penalty for refusing its claim for the damage caused by the NotPetya Cyber Attack.
As insurance companies are tightening the rules related to the liability claims, this lawsuit will stand tall as a first serious legal dispute on how companies can recover costs from their cyber insurance providers who refuse to pay them against state-funded cyber attacks.
In the year 2017, a NotPetya ransomware attack crippled computer systems of firms operating across the globe including Merck, the pharmaceutical group. The UK and US law enforcement said that the attack was launched by Russian hackers and the government of Ukraine supported the claim with some evidence to prove the allegation as fact in 2018.
Coming back to the case of Mondelez suing Zurich Insurance, as per the papers filed in the court of Illinois, the American food products offering company says that it was targeted two times by NotPetya in 2017 with over 1700 servers and 24,000 laptops rendered mal-functional on a permanent note.
After getting a report from the IT staff, Mondelez is said to have contacted Zurich for an insurance claim as the policy was meant to cover losses incurred from physical loss or damage to electronic data, programs, software caused by the malicious introduction of malicious software code.
According to the court documents of Mondelez, Zurich initially worked on the claim and tried its best to adjust the losses and even agreed to pay a $10 m as a relief fund.
However, after a couple of weeks of review, its authorities refused to pay the loss as the policy did not include a cover for a hostile or warlike action initiated by a government or sovereign power or any state-funded actor/s.
After pursuing a lot on the issue, Mondelez decided to seek $100 million as damage from the Swizz based company.
But a spokesperson from the world’s largest insurance firm claims that the case filed by Mondelez will not gain potential in the court as the company has never specified in its insurance policy that it will cover losses incurred from state-funded cyber attacks.
Nevertheless, the case and the final ruling will surely have wide implications on how insurance companies are offering policies when it comes to the loss cover from cyber attacks.