The recent decision of the appellate court in New Jersey that the insurers for Merck & Co. cannot avoid liability for the pharmaceutical giant’s $1.4 billion in losses following a 2017 cyberattack is significant for many reasons. The case involved exclusions for acts of war, and the judges said that for a cyberattack to fall under this type of exclusion, it must involve military action. The Russia-backed NotPetya malware was found to be behind the cyberattack, and insurers claimed that the breach was an extension of military hostilities following Russia’s invasion of Ukraine.
## The Exclusion of Damages Caused by Hostile or Warlike Action
The judges explained in their ruling that the exclusion of damages caused by hostile or warlike action by a government or sovereign power in times of war or peace requires the involvement of military action. The judges found that the NotPetya malware did not involve military action and therefore, coverage could not be excluded by the insurers. The appellate court rejected the argument of the insurers for Merck & Co. that they are not liable for the losses because the incident fell under exclusions for acts of war.
## Implications of the Court’s Decision
The decision of the appellate court in New Jersey has important implications for the insurance industry and companies that are victims of cyberattacks. The ruling clarifies that insurers cannot avoid liability for losses resulting from cyberattacks by invoking exclusions for acts of war or military action. Cyberattacks are increasingly common, and the decision provides additional protection to companies that are victims of cybercrime. The decision could also motivate cyber insurance providers to reassess their policies in relation to cyberattacks and acts of war or military action.
## Editorials and Recommendations
The decision by the appellate court in New Jersey is a significant development in the field of cyber insurance. It highlights the importance of having clear and unambiguous insurance policies that cover cyberattacks. It also demonstrates that the interpretation of policy language can play a key role in determining the outcome of coverage disputes in the context of cyber insurance. Companies that have taken out cyber insurance should review their policies to ensure that they are adequately protected against all types of cyber risks.
In conclusion, the decision of the appellate court in New Jersey that insurers for Merck & Co. are liable for the pharmaceutical giant’s $1.4 billion in losses following a 2017 cyberattack provides important guidance on the interpretation of insurance policies in the context of cyber insurance. It is a significant win for companies that are victims of cyberattacks and will encourage insurance companies to reassess their policies in relation to cyberattacks and acts of war or military action.
<< photo by Mikhail Nilov >>
