In June 2017, a destructive malware known as NotPetya spread rapidly across corporate networks worldwide, causing operational chaos, data loss, and system shutdowns.
Entire production systems were halted, supply chains disrupted, and recovery efforts extended over several months.
Estimated Insured Losses: ~$1.4 Billion
Cyber events can trigger traditional property insurance in unexpected ways. Cyber Risk Insight
This case study explores how the NotPetya cyberattack reshaped insurance coverage interpretation, claims handling, and litigation outcomes.
Risk Profile & Exposure
NotPetya spread aggressively across enterprise networks, encrypting files and disabling critical operational systems.
The attack disrupted production, financial systems, and logistics infrastructure.
Insurance exposure was unusual, as claims were filed under traditional property all-risks policies rather than standalone cyber policies.
This created a conflict between emerging cyber risks and existing insurance frameworks.
Incident Timeline
In June 2017, the malware infiltrated corporate systems and spread within minutes.
Thousands of machines were affected almost instantly.
Critical applications failed, halting production across multiple regions.
Recovery and remediation efforts extended over several months, significantly increasing financial losses.
Damage & Loss Assessment
Unlike traditional losses, the damage was primarily digital and operational.
Key impacts included:
- Encrypted and inaccessible systems
- Data corruption and integrity issues
- Production shutdowns
- Supply chain disruption
Loss components included:
- Business interruption losses
- IT recovery and system rebuilding costs
- Legal and consulting fees
- Lost revenue
Cyber surveyors assessed the scope of impact, duration of downtime, and financial implications.
Claim Investigation & Adjusting
When the insured filed a claim, insurers initially denied coverage.
The denial was based on war exclusion clauses, arguing that the cyberattack constituted a form of hostile or warlike action.
Litigation followed, focusing on whether such exclusions applied to non-military cyber incidents.
The case highlighted the importance of precise policy wording and interpretation.
Documentation, expert testimony, and legal analysis played a central role in determining coverage.
Settlement & Industry Impact
Following legal proceedings, insurers were held liable for approximately $1.4 billion in claims.
The ruling had significant implications:
- War exclusions were deemed insufficiently clear for cyber events
- Traditional property policies were confirmed to respond to certain cyber losses
- Insurers revised policy wording to address cyber risks explicitly
This case became a landmark in cyber insurance litigation.
It influenced global underwriting practices, policy drafting, and risk management strategies.
Ambiguous exclusions can lead to billion-dollar liabilities in cyber claims. Insurance Legal Analysis
Key Lessons for Surveyors & Adjusters
Cyber risks can trigger traditional insurance policies.
Policy wording must be clear and unambiguous.
Business interruption is a major component of cyber losses.
Early involvement of legal and cyber experts is essential.
Documentation and forensic analysis drive claim outcomes.
Frequently Asked Questions (FAQs)
What was the NotPetya cyberattack?
NotPetya was a global malware attack in 2017 that disrupted corporate systems, causing widespread operational and financial damage.
How much were the insured losses?
Insured losses were approximately $1.4 billion.
Why did insurers initially deny the claim?
They cited war exclusion clauses, arguing the attack was a form of hostile action.
What was the outcome of the litigation?
The court ruled that war exclusions did not clearly apply, and insurers were required to pay the claim.
How did this case impact cyber insurance?
It led to clearer policy wording, updated exclusions, and increased focus on cyber risk coverage.
Conclusion
The NotPetya cyberattack was more than a technology failure — it was a defining insurance event.
With $1.4 billion in insured losses, it exposed the gap between traditional insurance policies and modern cyber risks.
This case continues to shape how insurers define, underwrite, and manage cyber-related claims globally.