The insurance policy phrase ”direct physical loss of or damage to” has been prominent in the news the past few years thanks to the spate of business interruption cases stemming from the pandemic, but one state high court recently had occasion to examine that policy language in a different context: cybersecurity.

The Ohio Supreme Court late last month reinstated a trial court’s judgment in favor of an insurance company, finding it was not required to cover losses that resulted from a company’s ransomware attack because there was no “direct physical loss of or damage to” computer-software systems.