Key Points:
- Merck and its insurers have reached a settlement for a $1.4 billion insurance claim filed by the pharmaceutical company after the NotPetya cyberattack in 2017.
- Merck did not have cyber insurance during the attack, but the damage was later found to be excluded under the war exclusion clause.
Merck and its insurers have come to a settlement agreement for a $1.4 billion insurance claim filed by the pharmaceutical giant in relation to the destructive NotPetya cyberattack that occurred in 2017. The terms of the settlement were not disclosed. This settlement comes after Merck successfully received favorable court decisions in 2022 and 2023.
During the NotPetya attack, Merck did not have cyber insurance coverage. At the time, insurers determined that the damage caused by the attack fell under the war exclusion clause in their policy, therefore not eligible for coverage. However, New Jersey Superior Court Judge Thomas Walsh later ruled that the war exclusion clause did not apply in this specific case. This decision was subsequently upheld by the New Jersey appellate when the insurers appealed the ruling.
Bloomberg Law reported that the settlement between Merck and its insurers comes just before a New Jersey Supreme Court review of the insurance dispute was scheduled to take place. This review had the potential to establish a national precedent that could impact the growing cyber insurance market.
This settlement highlights the ongoing disparities in cyber insurance coverage and the importance of carefully examining the fine print of insurance policies. Without cyber insurance coverage during the NotPetya attack, Merck was at risk of facing significant financial losses. It is crucial for organizations to understand their insurance coverage and ensure that they are adequately protected against cyber threats.
Overall, this settlement provides a resolution to Merck’s insurance claim and emphasizes the necessity for businesses to carefully consider their insurance coverage in relation to cyberattacks.
Sources: