Insurance policies often contain so-called war exclusions. These provisions, which can differ significantly in how they are worded, purport to limit coverage for losses arising out of war or warlike actions.

The issue came into recent prominence in 2018 as a result of litigation initiated by Mondelez International, Inc. against Zurich American Insurance Company. Mondelez suffered losses as a result of the malware known as “NotPetya.” According to a Wired article, “[NotPetya’s] goal was purely destructive. It irreversibly encrypted computers’ master boot records, the deep-seated part of a machine that tells it where to find its own operating system. Any ransom payment that victims tried to make was futile. No key even existed to reorder the scrambled noise of their computer’s contents.” Per Mondelez’s complaint, Zurich denied Mondelez’s claim for insurance coverage based on a war exclusion which purported to exclude coverage for a “hostile or warlike action. . . .”

Although much has been written on the subject of the “war” exclusion, this article seeks to take a deeper dive into cyber threats.

To read the full article, go to Business Law Today.