War Exclusion: Misconceptions about Cyber Coverage

September 19, 2019

In 2017, the NotPetya malware infected computers and servers across the globe, shutting down businesses and causing billions of dollars in damage. In response, the White House issued a statement assigning blame to Russia designating the malware as an Act of Cyber Warfare. As businesses worked to recover, claims for damages and lost income began flooding the insurance market.

Mondelez, the manufacturer of Cadbury Eggs, recently made headlines after a claim filed under their property policy was denied due to the property policy’s war exclusion. The denial has resulted in the spread of misinformation through articles such as “Big Companies Thought Insurance Covered a Cyberattack. They May Be Wrong” by The New York Times that fail to attribute the denied claim to the property market rather than the cyber market. Articles such as the aforementioned have sent ripples across the insurance world for companies who believe their cyber policy would not respond.

When a cyberattack is blamed on a foreign government, many factors can impact coverage, including how the US government designates such an attack. To quote William Wright, Partner at Paragon International Insurance Brokers, “whilst it has promoted lively debate and much need language reform in the insurance market, Mondelez vs Zurich is at its core a very good reason for insureds to purchase stand-alone cyber insurance, where the intent and expectation of coverage is to pay claims emanating from pandemic, untargeted malware like NotPetya and Wannacry.”

Insurance largely revolves around the word “intent.” When property policies were first written, the intent was not to cover mass cyber events such as NotPetya; therefore, it is not surprising to see the property market utilizing the war exclusion. The war exclusion, which is found in almost all commercial insurance lines, is meant to protect insurers from paying claims related to damages caused from war or war-like actions. To narrow the war exclusion in cyber policies, carriers may provide, for example, an affirmative coverage grant for “cyber terrorism” or a “cyber terrorism” carve back to the war exclusion with the expected intention to provide coverage for mass non-targeted cyberattacks.

It is critical to highlight that no known cyber markets have denied coverage utilizing the war exclusion. Further, while the market’s intent may be to cover cyber claims such as NotPetya, one should not solely rely on intent. Every company has unique exposure and specific risk and Beecher Carlson is available to advise you on your company’s risk and on ways to provide affirmative coverage.


Britt Eilhardt Britt Eilhardt is a Senior Vice President, Cyber Claims Specialist in Beecher Carlson’s Executive Liability Practice in New York. She is dedicated to working with clients in navigating cyber claims from breach to resolution, swiftly connecting clients with vendors in the event of a breach, reviewing and drafting cyber policy forms and market enhancements, and strategizing with clients on coverage concerns.  Britt is an attorney who previously litigated insurance coverage matters in state and federal courts. She is a member of the New York and New Jersey State Bars. She can be contacted at beilhardt@beechercarlson.com.
Brad Davis Brad Davis is an Account Executive in Beecher Carlson’s Executive Liability Practice in New York. He is responsible for the day-to-day placement of network security, privacy, technology, and media E&O insurance programs for a wide variety of companies. He supports the Executive Liability Practice by providing a full scope of professional broker services.  He can be contacted at bdavis@beechercarlson.com.
Garrett Myers Garrett Myers is a Cyber Analyst in Beecher Carlson’s Executive Liability Practice in New York. He assists Chris Keegan, the National Cyber and Technology Practice Leader at Beecher Carlson, in creating an extensive industry knowledge base, understanding and anticipating emerging exposures, and utilizing litigation data to model and benchmark potential cyber losses. ​ He can be contacted a garrett.myers@beechercarlson.com.

This article is intended for informational purposes only. It is not a guarantee of coverage and should not be used as a substitute for an individualized assessment of one’s need for insurance or alternative risk services, nor should it be relied upon as legal advice, which should only be rendered by a competent attorney familiar with the facts and circumstances of a particular matter. Copyright Beecher Carlson Insurance Services, LLC. All Rights Reserved.