Skip to main content
close search
site logo
Dive Brief

Mondelez in $100M court battle with insurer over cyberattack-related damages

Published Jan. 11, 2019
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Mondelez

Dive Brief:

  • Mondelez, food manufacturer of Wheat Thins and Chips Ahoy! cookies, is suing its insurer Zurich American Insurance for $100 million for not covering NotPetya-related damages, reports The Financial Times based on court filings.
  • NotPetya left 1,700 servers and 24,000 laptops "permanently dysfunctional" after the wiper attack hit Mondelez twice, according to court filings. The food company claims the damages fall under the coverage in its property insurance policy, which includes loss of electronic data, software and physical damage "caused by the malicious introduction" of malware, according to the report.
  • Stolen user credentials and customer orders left unfulfilled are also among the damages inflicted by NotPetya that Mondelez is seeking compensation for, reports Bloomberg. However, in June 2018, Zurich American Insurance said it is exempt from fulfilling losses because the cyberattackNotPetya, occurred during a "time of peace" in a "warlike" fashion.

Dive Insight:

NotPetya succeeded WannaCry by about a month, coming in June of 2017. The global cyberattacks left companies, including Maersk and FedEx, spiraling from disruption and heavy recovery costs.

Mondelez's case is the first to legally challenge the way companies obtain the money needed to resolve an issue caused by a cyberattack, according to The Financial Times. Insurance companies now have to grapple with changing their policies to accommodate more digital liabilities.

The White House confirmed NotPetya as a nation-state attack by the Russian military in February 2018, and Zurich is using that declaration to its advantage. If the courts rule in favor of Zurich and its exclusion policy is sufficient, it is likely to set the tone for other insurance providers. This case has the potential to set precedent for future cyberattack-related disputes with victims and their insurance providers.

Since cybercriminals don't always leave a calling card, attribution is difficult — if not impossible — to confirm. In this case, the federal government identified the culprit, which may work to Zurich's advantage.

Cybercriminals don't act exclusively in times of war. Omitting cyberattacks based solely on that addendum could defeat the purpose of having insurance. 

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
Smart City Expo USA 2025 Speakers Announced
From Smart City Expo USA
December 11, 2024
Graphiant Unveils Revolutionary Data Assurance Offering
From Graphiant
December 09, 2024
Arcus Power Launches Power Market Data Solutions on Snowflake Marketplace
From Arcus Power Corp
December 04, 2024
Celonis Appoints Benoit Fouilland as Chief Financial Officer to Drive Next Phase of Growth
From Celonis
December 05, 2024
Editors' picks
Latest in Security
Industry Dive is an Informa TechTarget business.
© 2024 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.