US food giant Mondelez is suing its insurance company, Zurich after the insurer refused to pay out over $100 million in damages incurred during the NotPetya ransomware campaign.

The owner of Oreo and Cadbury brands claims it is owed the funds to pay for the irreversible damage done to 1,700 servers and 24,000 laptops, unfulfilled orders, and other disruptions to its operations. The company believes this incident falls under the policy’s provision to cover “all risks of physical loss or damage” to property, including “physical loss or damage to electronic data, programs, or software, including loss or damage caused by the malicious introduction of a machine code or instruction.”

Court documents indicate that Zurich originally intended to adjust the claim as Mondelez requested and even negotiated to make a $10 million interim payment but later refused to pay. Zurich claims that an exclusion applies in this case because NotPetya falls under a “hostile or warlike action in time of peace or war” by a "government or sovereign power”.

Last February the Five Eyes nations joined forces to blame Russia for the devastating NotPetya attacks in June 2017 when a mission to cause mass disruption to Ukrainian businesses and government agencies got out of control and spread via multinationals across the globe.

Despite their strong stance on the incident, the governments did not produce any hard evidence to back up their claims, which could make it hard for Zurich to prove its case against Mondelez. Mondelez described the refusal as “unprecedented” and is seeking $100 million in damages.

Some experts believe Zurich should have invoked a gross negligence clause because Mondelez was hit with the same ransomware twice.

This case represents the first serious legal dispute over how companies can recover the costs of a cyber-attack, as insurance companies look to shrink the scope of their liabilities. Should Zurich successfully argue its case in court and win, organizations across the globe would need to immediately review their policies and start looking for cyber-specific insurance policies.

As a CIS Certified vendor, we work closely with the Center for Internet Security (CIS) to provide a comprehensive suite of system hardening templates that can be leveraged to ensure all systems retain the most appropriate checks designed to harden your environment and protect from Ransomware.

We’ve also developed a powerful Ransomware Mitigation Kit, comprising the necessary automated vulnerability checks and Group Policy/Puppet templates to automatically fix any weaknesses identified.


Request The FREE NNT Ransomware Mitigation Kit


Read this article on Dark Reading

The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)

[email protected]

United Kingdom

5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023

 [email protected]
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2023, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.