Haynes Boone Partner Peter Halprin and Associate Brittany Parks authored an article for Mealey's exploring the history of traditional war exclusions, how courts have applied those exclusions in the context of cyberattacks, the recent introduction of war exclusions in the insurance market, and what comes next.
Read an excerpt below.
In this day and age, one of the greatest risks that a company can face is that of a cyberattack. These attacks can come in many forms such as malware or ransomware, infecting the victim’s computers to gain access to sensitive data and completely halt operations, and the losses stemming from such attacks can be devastating. For example, in 2017, the NotPetya malware resulted in more than $10 billion in damages globally.
Companies, however, can take some comfort in the fact that there are commercial insurance policies which provide coverage for such incidents. The issue, however, becomes more complicated insofar as insurers have sought to exclude such coverage, where state actors are involved, on the grounds that such actions are excluded acts of war, no different than what they
have sought to traditionally exclude via so-called war exclusions in property insurance policies.
These issues were recently addressed by New Jersey courts which rejected insurer attempts to exclude the coverage for the NotPetya malware, on the grounds that the attacks did not fall within an exclusion for “war” or “warlike” action, allowing the policyholder to recover hundreds of millions of dollars.
As cyberattacks have increased, and perhaps in response to this decision, insurance companies have begun to incorporate new cyber exclusions in their policies.
To read the full commentary, click here.
