The insurance company Ace American has to pay for the losses:
On 6th December 2021, the New Jersey Superior Court granted partial summary judgment (attached) in favour of Merck and International Indemnity, declaring that the War or Hostile Acts exclusion was inapplicable to the dispute.
Merck suffered US$1.4 billion in business interruption losses from the Notpetya cyber attack of 2017 which were claimed against “all risks” property re/insurance policies providing coverage for losses resulting from destruction or corruption of computer data and software.
The parties disputed whether the Notpetya malware which affected Merck’s computers in 2017 was an instrument of the Russian government, so that the War or Hostile Acts exclusion would apply to the loss.
The Court noted that Merck was a sophisticated and knowledgeable party, but there was no indication that the exclusion had been negotiated since it was in standard language. The Court, therefore, applied, under New Jersey law, the doctrine of construction of insurance contracts that gives prevalence to the reasonable expectations of the insured, even in exceptional circumstances when the literal meaning of the policy is plain.
Merck argued that the attack was not “an official state action,” which I’m surprised wasn’t successfully disputed.
Slashdot thread.
The insurance company Ace American has to pay for the losses:
On 6th December 2021, the New Jersey Superior Court granted partial summary judgment (attached) in favour of Merck and International Indemnity, declaring that the War or Hostile Acts exclusion was inapplicable to the dispute.
Merck suffered US$1.4 billion in business interruption losses from the Notpetya cyber attack of 2017 which were claimed against “all risks” property re/insurance policies providing coverage for losses resulting from destruction or corruption of computer data and software.
The parties disputed whether the Notpetya malware which affected Merck’s computers in 2017 was an instrument of the Russian government, so that the War or Hostile Acts exclusion would apply to the loss.
The Court noted that Merck was a sophisticated and knowledgeable party, but there was no indication that the exclusion had been negotiated since it was in standard language. The Court, therefore, applied, under New Jersey law, the doctrine of construction of insurance contracts that gives prevalence to the reasonable expectations of the insured, even in exceptional circumstances when the literal meaning of the policy is plain.
Merck argued that the attack was not “an official state action,” which I’m surprised wasn’t successfully disputed.
Slashdot thread.
More Stories
Microsoft Promises to Keep European Cloud Data in Europe
Microsoft’s Sovereign Cloud solutions are designed to ensure European cloud data is stored and processed in Europe Read More
Brits Lose £106m to Romance Fraud in a Year
New City of London Police data reveals British men and women lost over £100m to romance fraudsters in 2024 Read...
What Is Cyber Risk
Did you know that it is estimated that 45% of organizations worldwide will have suffered attacks on their software supply...
Threat Actors Target Victims with HijackLoader and DeerStealer
Cyber-attacks using HijackLoader and DeerStealer have been identified exploiting phishing tactics via ClickFix Read More
Archetyp Market Shut Down in Europe-wide Law Enforcement Operation
Operation DEEP Sentinel has shut down Archetyp Market, the longest-running dark web drug marketplace Read More
Tenable Fixes Three High-Severity Flaws in Vulnerability Scanner Nessus
Nessus users should update patches as soon as possible Read More