Priya PatelTLDR:
– Merck settled with its insurance companies over the damages caused by the NotPetya wiper worm.
– The settlement raises questions about what constitutes an act of war for cyber-insurance policies.
Drugmaker Merck recently settled with a group of insurance companies after a long legal battle over damages caused by the NotPetya wiper worm. The insurance companies had refused to pay $699 million of the $1.4 billion claimed by Merck, citing exclusion clauses related to hostile or warlike acts. The settlement has brought into focus the issue of what exactly constitutes an act of war for cyber-insurance policies. Cyber-insurance firms have already begun clarifying their coverage and exclusions, but there is still significant variation in the way these policies are written. The settlement in the Merck case is seen as a positive outcome for businesses looking to mitigate risks from cyberattacks, regardless of whether the attackers are state-sponsored or independent groups.
