In the ever-evolving landscape of cyber threats, a recent case involving Mondelez, a major multinational company, has significant implications for the cyber liability insurance market. Whether you’re an insurer, agent, broker, or a company with cyber insurance, this case underscores the importance of understanding the nuances of coverage, especially when it comes to acts of war.
The Mondelez Malware Attack
Mondelez faced a substantial malware attack resulting in a staggering $10 billion in damages globally. The crux of the matter lies in the insurance provider’s assertion that an act of war exemption justified denying the claim. According to the insurance company, the cyber attack originated from Russian military hackers targeting Ukraine and subsequently spreading across the globe, affecting Mondelez’s computer networks.
Act of War Exemption
The insurance company relied on the act of war exemption commonly found in cyber insurance policies. This exemption typically excludes coverage for cyber attacks associated with acts of war. The argument was that the attack on Mondelez was collateral damage in a broader cyber conflict that had its roots in military actions.
Legal Battle and Ruling
Mondelez contested the denial of their claim in court, asserting that they were unintended victims caught in the crossfire of a larger cyber conflict unrelated to them. The case was settled in Mondelez’s favor, challenging the conventional interpretation of the act of war exemption.
Shifting Definitions: Act of War in the Cyber Age
This ruling has far-reaching implications for insurance companies as they are now compelled to reevaluate what constitutes an act of war in the context of cyber insurance. The current definitions, rooted in 19th-century notions of pirates, navies, and privateers, may not aptly address the complexities of cyber warfare in the modern era.
While this ruling might not establish a binding precedent, it serves as a noteworthy indicator of how judges and juries might interpret insurance companies’ contentions regarding acts of war. It challenges the traditional interpretation and prompts a reassessment of exclusionary clauses in policies.
Redefining Exclusions: War-Like Acts vs. Acts of War
This case prompts insurers to rethink their strategy regarding act of war exclusions. Rather than relying on broad and traditional language, insurance companies might consider crafting more nuanced exclusions, such as war-like acts. This shift in strategy aims to better align with the intricacies of cyber warfare and the broader landscape of military actions.
Overlapping Realities: Military Action, Wars, and Cyber Attacks
The ruling highlights the inherent overlap between military actions, wars, conflicts, and cyber attacks. As a policyholder, it becomes crucial to scrutinize your coverage and ensure that it aligns with your expectations. Whether an insurance company frames an incident as an act of war or a war-like act, understanding the boundaries of your coverage is paramount.
The Mondelez case serves as a watershed moment, offering insights into the evolving dynamics of cyber liability insurance. As the digital realm becomes increasingly entwined with geopolitical tensions, insurance policies must adapt to the intricacies of modern cyber warfare. Whether this ruling sparks a broader shift in industry practices remains to be seen, but it undoubtedly opens the door for redefining the boundaries of what constitutes an act of war in the realm of cyber insurance.