Even with teams working around the clock, it was weeks before Mondelez recovered. Once the lost orders were tallied and the computer equipment was replaced, its financial hit was more than $100 million, according to court documents.

After the ordeal, executives at the company took some solace in knowing that insurance would help cover the costs. Or so they thought.

Mondelez’s insurer, Zurich Insurance, said it would not be sending a reimbursement check. It cited a common, but rarely used, clause in insurance contracts: the “war exclusion,” which protects insurers from being saddled with costs related to damage from war.

Mondelez was deemed collateral damage in a cyberwar.

The 2017 attack was a watershed moment for the insurance industry. Since then, insurers have been applying the war exemption to avoid claims related to digital attacks. In addition to Mondelez, the pharmaceutical giant Merck said insurers had denied claims after the NotPetya attack hit its sales research, sales and manufacturing operations, causing nearly $700 million in damage.

When the United States government assigned responsibility for NotPetya to Russia in 2018, insurers were provided with a justification for refusing to cover the damage. Just as they wouldn’t be liable if a bomb blew up a corporate building during an armed conflict, they claim not to be responsible when a state-backed hack strikes a computer network.

The disputes are playing out in court. In a closely watched legal battle, Mondelez sued Zurich Insurance last year for a breach of contract in an Illinois court, and Merck filed a similar suit in New Jersey in August. Merck sued more than 20 insurers that rejected claims related to the NotPetya attack, including several that cited the war exemption. The two cases could take years to resolve.

Eoin Treacy's view

The threat from cyber crime is both real and obvious but many investors have been disappointed by the performance of the cybersecurity sector. It makes intuitive sense that with so many hacks, ransomware events and industrial espionage that the sector should be among the best performers internationally.

The reason its performance has been retarded, until recently, is because it is cheaper for a company to buy insurance than to pay for constant vigilance. These court cases could change that because if the insurance does not pay out then there is no point paying for it which could stoke demand for vigilance and protection.

The Cyber Security ETF (HACK) broke out to new highs today, following a brief consolidation in the region of the previous peak and a sustained move below the trend mean would be required to question potential for additional upside.



CheckPoint Software, Palo Alto Networks and CyberArk Software are leading on the upside.