Security News > 2022 > November > Ritz cracker giant settles bust-up with insurer over $100m+ NotPetya cleanup

Mondelez International has settled its lawsuit against Zurich American Insurance Company, which it brought because the insurer refused to cover the snack giant's $100-million-plus cleanup bill following the 2017 NotPetya outbreak.

It has helped fuel an ongoing debate over what constitutes an act of war - which even in cyberspace could invalidate an insurance claim - and whether insurance companies should pay damages caused by network intrusions supported or organized by nation states.

Mondelez sued Zurich in 2018 after the insurance biz refused to cover damages that the cookie corporation incurred as a result of NotPetya, a fast-spreading strain of file-trashing malware that some say caused more than $10 billion in damage worldwide and was later attributed to the Russian military.

Like Mondalez, Merck sued the insurance company for damages related to NotPetya.

The Mondalez lawsuit is "Very similar to the Merck situation, in that this is a cyber-related incident falling for consideration under a property insurance policy," said Peter Hawley, director of insurance solutions in Europe for SecurityScorecard.

Government policy measures could include a backstop program for cyber-insurance risk along the lines of America's Terrorism Risk Insurance Program, created after 9/11, to help property insurance policies include coverage for damage caused by acts of terrorism, Cunningham said.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/11/02/mondelez_zurich_notpetya_settlement/