This summer marked the anniversary of the most costly cyber-attack in history. NotPetya wreaked havoc for some large companies, costing them billions of dollars in lost revenue, damaging computer systems, and requiring significant expense to restore global operations.
Despite widespread reporting on the attack, many details remain elusive. In addition, the issue of whether NotPetya was "warlike" continues to be debated – specifically, whether the ubiquitous war exclusion found in cyber insurance policies could have prevented coverage.
Marsh's view is a firm no: NotPetya was not "warlike" and does not trigger the war exclusion.
In a new article, Matthew McCabe, Assistant General Counsel for Cyber Policy at Marsh, examines the issue, applying relevant legal precedent to determine why NotPetya does not reach the level of war or "hostile and warlike" activity.