Merck’s $1.4 Billion Insurance Win Splits Cyber From ‘Act of War’

Merck & Co.‘s victory in a legal dispute with insurers over coverage for $1.4 billion in losses from malware known as NotPetya is expected to force insurance policies to more clearly confront responsibility for the fallout from nation-state cyberattacks.

The multinational pharmaceutical company sued its insurers who had denied coverage for NotPetya’s impacts to its computer systems, citing a policy exclusion for acts of war. The 2017 malware attack was attributed to Russia’s military intelligence agency, deployed as part of a conflict with Ukraine.

New Jersey Superior Court Judge Thomas J. Walsh ruled Jan. 13 that Merck’s insurers can’t ...