The New Jersey Supreme Court agreed to review the legal fight between Merck and several of the world’s top insurance providers involving $1.4 billion in claims stemming from the 2017 NotPetya cyberattack.
A New Jersey appellate court previously upheld a lower court ruling in favor of Merck, which filed suit against the insurance firms after they attempted to use war exclusion language to deny coverage related to the attacks.
Merck suffered massive damages after it downloaded infected accounting software from a Ukrainian company that was hacked with malware. The infected software led to the damage of more than 40,000 computers at Merck, causing widespread disruption to its manufacturing, sales and other operations.
The remaining legal dispute in the Merck case involved about $699 million in claims, according to court records.
“Since the contract language in effect of the dispute dates from 2017 when the original attack occurred, I don’t believe that it will have much, if any effect on coverage decisions now,” said Michael Dion, vice president, senior analyst at Moody’s, via email.
Dion added however that the fact that the high court is willing to hear the case is “promising for the consortium of insurers involved in the dispute.”
Peter Halprin, an insurance recovery attorney and partner at Pasich, said he sees no reason for the court to overturn the lower court rulings.
“The trial and appellate courts reiterated key insurance policy interpretation principles, including the importance of all risk coverage, the breadth of coverage provisions and the narrow construction of exclusionary language,” Halprin said in an email. “The message so far is that insurers have to draft clear and unambiguous excursions and that courts will not rewrite exclusionary language.”
The case has been closely watched amid years of turmoil related to a rise in ransomware attacks and nation-state activity related to the Russia-Ukraine conflict.
The insurance market has shown signs of increasing stability with premium increases beginning to moderate. Data from Marsh showed global cyber insurance prices rose 11% during the first quarter, down from 28% during the fourth quarter of 2022.
Snack food giant Mondelez previously settled its own NotPetya court case with Zurich in late 2022 and by January Beazley announced the historic sale of a cyber catastrophe bond.