Abstract
In October 2018, snack company Mondelez International, Inc. (Mondelez) filed an action against Zurich American Insurance Company (Zurich), requesting indemnification for more than USD $100,000,000 in losses caused by the NotPetya cyber virus. Zurich refuses to cover these damages alleging one of the insurance policy's exclusions for damage resulting from a hostile or warlike action by a government, as the NotPetya attack is said to have been sponsored by Russia. This case is noteworthy for multiple reasons: not only is it the first significant legal dispute in the insurance field concerning the recovery of costs resulting from a cyber attack, but it is also the first time that an insurance company is invoking the war exclusion to decline coverage for an allegedly state-sponsored cyber hack.This article analyzes the key issues of this important case, including attribution of a cyber attack to a State and interpretation of an insurance policy's war exclusion in a cyber context, and the likelihood of success of Mondelez's arguments. It also explores the strengths and limits of general principles of contract and public international law when applied to new technologies and cyber incidents. Finally, it discusses the potential impacts of the Mondelez case on the contents and limits of future traditional and cyber-specific insurance policies.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
