January 11, 2024 at 09:43AM
Merck settled a legal battle with insurance companies over $1.4 billion in claimed damages caused by the NotPetya cyberattack, challenging hostile/warlike act exclusion clauses. The resolution is significant for businesses amid increasing cyberattacks. Although insurance firms clarify act-of-war clauses, companies must carefully review coverage to mitigate risks from complex cyberthreats.
Based on the meeting notes, here are the key takeaways:
– Drugmaker Merck settled with insurance companies over the damages caused by the NotPetya wiper worm attack, with insurers agreeing to pay a portion of the claimed damages.
– The settlement may not have as much impact as the lawsuit’s journey through the courts, which included rulings in favor of the drugmaker.
– The cyber-insurance industry has been working to clarify act-of-war clauses in insurance policies, with a particular focus on damaging cyberattacks by state-sponsored actors.
– The resolution of Merck’s lawsuit is seen as a positive development for businesses and large industry organizations, many of which supported Merck in its legal battle.
– Merck’s lawsuit stemmed from the NotPetya attack in 2017, which caused significant business losses, including disruptions to research, sales, and manufacturing operations.
– The insurance industry has been clarifying exclusions related to broad cyberattack outbreaks and is emphasizing the importance of understanding coverage and exclusions in cyber insurance policies.
– It’s crucial for companies to clearly determine the damages they want to be covered by their cyber insurance and understand when a cyberattack could be classified as a “hostile/warlike act” excluded from coverage.
– Efforts to mitigate the impact of cyber events should include a focus on security best practices, as well as a recognition that making an insurance claim is not a substitute for preventing the attack in the first place.
These takeaways provide a clear summary of the key points from the meeting notes related to Merck’s legal battle and the broader implications for the cyber-insurance industry.