Insurance Company Says NotPetya Is an “Act of War”, Refuses to Pay

295 点作者 marklyon超过 6 年前

24 条评论

This is why I try to avoid insurance policies wherever possible.It’s still hard to argue with people questioning why I don’t buy insurance for my $25k or so of household contents in a relatively secure building.I don’t care how cheap the policy is, I’m assuming they’re charging more than they payout on average, and I lock my doors consistently.

评论 #19062982 未加载

评论 #19062012 未加载

评论 #19062445 未加载

评论 #19061913 未加载

评论 #19063742 未加载

评论 #19063043 未加载

评论 #19062033 未加载

评论 #19063493 未加载

评论 #19063151 未加载

评论 #19061809 未加载

评论 #19063621 未加载

评论 #19063585 未加载

评论 #19063925 未加载

评论 #19064591 未加载

评论 #19065798 未加载

评论 #19064259 未加载

评论 #19064876 未加载

评论 #19065468 未加载

评论 #19063660 未加载

jopsen超过 6 年前

Why should "act of war" not be covered?If I'm going broke because of a war, why shouldn't my insurance company?Similar, with natural disasters, those should be covered by default -- insurance companies can easily spread the risk geographically..These exceptions feels like legacy from the "good" old days when wars were common and globalization limited.

评论 #19063748 未加载

评论 #19064024 未加载

评论 #19064159 未加载

评论 #19067425 未加载

评论 #19064299 未加载

评论 #19069216 未加载

tudorconstantin超过 6 年前

I wonder how that insurance company expects to continue business. If they don't pay in case of damage, why would anyone buy insurance from them?

评论 #19062029 未加载

评论 #19062035 未加载

评论 #19063209 未加载

评论 #19061986 未加载

ascar超过 6 年前

> "hostile or warlike action in time of peace or war"A lot of comments jump on the war and cyber war definitions, but the article states the exclusion is based on a "hostile or warlike action", which is a much looser definition.Based on the announcement of multiple governments that this attack is from Russian origin this exclusion might very well be justified.

评论 #19062287 未加载

评论 #19063496 未加载

评论 #19064082 未加载

评论 #19064247 未加载

Animats超过 6 年前

Source article from The Register.[1][1] <a href="https://www.theregister.co.uk/2019/01/11/notpetya_insurance_claim/" rel="nofollow">https://www.theregister.co.uk/2019/01/11/notpetya_insurance_...</a>

taspeotis超过 6 年前

I would kind of expect the argument about not paying out to be one of negligence on behalf of Mondelez. NotPetya uses the EternalBlue exploit which Microsoft patched in March 2017, NotPetya was late June 2017. Don't install security patches on 1,700 servers and 24,000 laptops for four months? Don't get an insurance payout.

评论 #19062312 未加载

评论 #19063733 未加载

评论 #19063930 未加载

wjnc超过 6 年前

This would be a massively interesting suit, if fought out to conclusion. Looking for a proper definition of war, you might even go back to the Hague Conventions or some historical precedents in common law. Probably the terms and conditions do not further specify 'war', let alone 'cyber war'. But if it would be an easy case, the insurer wouldn't take on Mendelez, unless perhaps as long shot to prevent ruin.

retrogradeorbit超过 6 年前

And that's the last time anyone buys cyber insurance from Zurich. What's the point of cyber insurance that doesn't cover ransom wear? Just a useless waste of money.

评论 #19062537 未加载

dgzl超过 6 年前

Insurance companies live in the weird realm of customer service up front, and financial defense when the whistle is blown.

ldp01超过 6 年前

I wonder if you can get insurance against insurance companies not paying out?

评论 #19061892 未加载

lota-putty超过 6 年前

Insurance is like a `bottomless wishing-well`, demands regular offerings but return favours during unforeseen emergencies not guaranteed.

qaq超过 6 年前

So what is the standard of evidence for something like this? The fact that say top security outfits did attribution to APT-blah or APT some blahBear and there is some level of confidence that the groups might be state actors is it really enough?

toss1超过 6 年前

Not entirely surprising that insurance company is attributing this to an Act of War.* Russia is actively pursuing an Active Measures (активные мероприятия [1]) political war against the west* Russian companies & persons charged by Mueller have actively used the defense in filing that their actions were Acts of War, and so not illegal. These defense claims have not yet been ruled upon, AFAIK.* The Russian govt, former KGB organization, Oligarchs, Russian Mob, and hacker community have effectively morphed into a single operation entity.Nevertheless, it is a bit of a stretch to consider a specific hacking event as part of the Active Measures war. Not that it is surprising that the insurance company tries it. They'll st least delay any payments.This may, interestingly, raise the stakes on any cooperation with such operations (e.g., being a funds conduit, renting out a botnet to deploy the malware) from standard criminal conspiracy charges right up to treason. Not sure if it will play out that way, but I wouldn't want to be the one testing the prosecutors' discretion, or the inclination of the NatSec organizations to get involved. Totally changes the risk profile of getting involved for those inclined to play around the edges.[1] <a href="https://en.wikipedia.org/wiki/Active_measures" rel="nofollow">https://en.wikipedia.org/wiki/Active_measures</a>

cenal超过 6 年前

If insurance stops paying out then companies will take data security more seriously. Their very existence will depend on it.Net win for society from my perspective.

评论 #19062136 未加载

评论 #19067669 未加载

mark_l_watson超过 6 年前

I wonder what the long tail costs are for not paying the claim?If I had any insurance policies with this company I would cancel and look elsewhere. The insurance company must have modeled both scenarios.

mnm1超过 6 年前

If they can't pay out in a case like this, they shouldn't be in business. I hope the affected insureds sue this scumbag insurance company into the bankruptcy it deserves. And if the whole cyber attack insurance industry goes belly up, it sounds like a win for society: maybe these other idiot companies will start to take security seriously rather than just trying to collect money for their insurance companies.

bertil超过 6 年前

I’m curious how much the insurance thinking was: if we pay this, more companies will maintain bad security, pay bribes and we’ll be left to foot the bill.In addition to more victims, the second compounding effect of this would be that giving money to hacker groups means they would become bolder. That might even mean they’d potentially blur the line from State-sponsored to something that outgrows even the authority of a (rogue) State.

DevX101超过 6 年前

Companies won't take security seriously until there are real costs to losing customer data. Right now, they can just send out an apologetic press release after getting attacked due to their shoddy security and that's it.

aritmo超过 6 年前

That's a sleazy insurance company. They use a lame excuse to avoid paying.

mikkom超过 6 年前

Good luck proving conclusively in court that russia was behind the software

评论 #19062948 未加载

gesman超过 6 年前

It’s interesting that insurance Co didn’t point to an absence of proper inclusion clause. They tried to find exclusions that may help them to pull the fast one on a customer.Which means the policy wording clearly matched the covered event.

评论 #19061697 未加载

shard972超过 6 年前

Just subpoena the intel agencies? Just because they haven't released the evidence publicly doesn't mean it wouldn't seem reasonable for the intel agencies to assist the case.

jimjimjim超过 6 年前

Was there a declaration of war? Did their policy specifically mention 'cyber war'?what a steaming load.insurance companies trying to squirm out of paying something is as certain as the sun rising.

评论 #19061647 未加载

bredren超过 6 年前

It takes two to tango. If a cyber war is ongoing, then I think the insurance company should cite retaliatory action in the war as evidence. From what I can tell western governments do not generally publicize any specifics of effective cyber operations.So i wonder if this puts insurance companies in a position where they benefit from classified operations are outed to bolster the case that this was indeed an act of war.

评论 #19062370 未加载

评论 #19062070 未加载