Merck has finally reached a settlement with its insurers after they had refused to pay out following the NotPetya campaign due to a cyber-warfare policy exclusion.
The pharmaceuticals giant claimed it was entitled to around $700m from its carriers after the 2017 attacks, which are believed to have infected tens of thousands of its machines with destructive malware disguised as ransomware.
According to Bloomberg Law, the settlement last week came just before the start of oral arguments in a New Jersey Supreme Court review of the dispute.
Whether state-backed cyber-campaigns like NotPetya can be described as acts of war is a matter hotly contested by legal scholars.
Confectionary giant Mondelez settled with insurance provider Zurick back in 2022 after the latter denied it a $100m payout following NotPetya on similar grounds.
In the meantime, the insurance sector has been scrambling to add clarity to policies when it comes to cyber-related risk.
It's believed that NotPetya caused $1.4bn in losses at Merck.
This Cyber News was published on www.infosecurity-magazine.com. Publication date: Mon, 08 Jan 2024 10:30:09 +0000