It has been reported that Mondelez International has settled its lawsuit against Zurich American Insurance Company, which it brought because the insurer refused to cover the snack giant’s $100-million-plus clean-up bill following the 2017 NotPetya outbreak.
This widely publicised case between Zurich and Mondelez International has paved the way for how future insurance claims relating to nation-state breaches will be handled.
In the last few months, insurers announced changes to policies to exclude nation-state cyberattacks, a move which was spurred by the court battles they faced against Mondelez and Merck.
One of the biggest challenges cyber insurers face today is not being able to cover their customers’ claims. If insurers suddenly found themselves having to pay out hundreds of millions of pounds to companies as a result of cyberattacks, it could bankrupt them. This is the reason why more changes to insurance policies are on the horizon.
Insurers can no longer afford to cover for cyber negligence, and a big focus for them in the coming months is going to be around network access and network segmentation. They are going to want to see organisations getting better control over their user access credentials, so that they are not so easy for attackers to steal. A big part of this is also down to segmentation: ensuring that even when credentials do fall into the wrong hands, a criminal can’t travel through the corporate network and siphon off data, because the network is segmented through encryption.
Organisations that do not follow these approaches in the future may struggle to get insurance, or find their current policies are no longer valid.