Original Post from InfoSecurity Magazine
DLA Piper Set to Sue Insurer Over NotPetya Claim: Report
DLA Piper has become the latest big name to be denied a multimillion-dollar cyber insurance claim following major losses caused by the NotPetya ‘ransomware’ campaign of 2017.
The multi-national law firm is said to be launching a legal case against its insurer Hiscox for failing to pay out. It appears as if the insurer is holding out because of an exclusion clause for attacks that are deemed an “act of war.”
That’s the same reason that insurance giant Zurich is said to be refusing to pay out a similar multimillion dollar claim from confectionary giant Mondelez. The Cadbury owner is said to be suing the insurer for over $100m to cover permanent damage to 1700 of its servers and 24,000 laptops as well as unfulfilled orders and other operational disruption.
Russia was directly blamed for the June 2017 attacks, which started in Ukraine but quickly spread around the world via the VPNs of multi-nationals with offices in the country.
However, the Five Eyes governments that issued these statements, led by the UK, failed to provide hard evidence to back up their claims, which won’t make it easy for the insurers to make their case in court.
DLA Piper was hit hard by the destructive ransomware strain, after becoming infected via a supplier. The company’s flat networks structure is said to have allowed the malware to spread fast across the globe.
The legal giant was forced to pay 15,000 hours of overtime to IT workers to help recover from the incident, which forced it to start afresh with its entire Windows environment, according to reports.
It’s unclear what kind of insurance policy DLA Piper had and whether or not it specifically covered cyber incidents. However, such disputes are becoming more common, warned Anjola Adeniyi, EMEA technical leader at Securonix.
“The increasing difficulties facing companies who try and claim insurance following a cyber attack is highlighting the growing need to implement preventative strategies,” he added.
“Whilst many companies will fall victim to a ransomware attack, one of the first steps they need to take is to ensure it doesn’t happen again. Computer systems need to be up-to-date on security patches, networks monitored for infections and employees educated on cyber hygiene.”
Go to Source