Joshua Gold, chair of Anderson Kill's Cyber Insurance Recovery Group, was quoted by Law360 in an article regarding Mondelez International Inc. and Zurich American Insurance Co. over coverage for $100 million in losses the snack food giant suffered in a 2017 cyberattack that the U.S. and its allies blamed on Russia, and experts say a ruling permitting the insurer to invoke a war exclusion to deny the claim could leave companies uninsured for similar hacks.
Joshua Gold told Law360 the dispute is noteworthy "because what had been a theoretical discussion in the industry — would insurance companies invoke the war risk exclusion for a cyber claim — has now been answered. "This now makes the conversation very real: that cyber risk management must consider what clarity and assurances policyholders can get that insurance companies will not attempt to evade coverage for cyber claims where a state actor is allegedly involved," Gold said. Gold asserted that history could be on Mondelez's side, because courts dealing with war exclusions in cases involving terrorist incidents targeting the aviation and hospitality industries have tended to construe the exclusionary language narrowly. "I would expect that kind of approach to be used in this case and perhaps others that follow suit," he said. "If you interpret the exclusion too broadly, you start swallowing up the coverage for damage and loss caused by the 'malicious introduction of a machine code or instruction.'"