To borrow a term from the 2020 lexicon, 2022 was an “unprecedented” year for cyber coverage claims. The nature of cyberattacks continued to evolve both in scope and sophistication, and insurance companies have sought to impose more onerous impediments to obtaining coverage. Despite insurance companies adopting more aggressive postures against covering cyber claims, 2022 provided policyholders with significant wins. The article summarizes the key cyber coverage decisions of 2022—and from a policyholder’s viewpoint, the good, the bad, and the in-between.
War Means ‘War’: Insurance Industry’s Attempt To Expand the Traditional ‘War’ Exclusion Rejected. The New Jersey Superior Court’s decision in Merck & Co. v. ACE American Ins. Co., No. UNN-L-002682-18, 2022 WL 951154 (N.J. Super. Ct. Law Div. Jan. 13, 2022), provided policyholders with an important win, ruling that a standard exclusion for loss caused by acts of war, under an all-risk property policy, did not bar insurance coverage for Merck & Co.’s losses stemming from the “Notpetya” cyberattack of 2017. The war exclusion purported to bar coverage for losses caused by “hostile or warlike action … by any government … or by any agent of such government.” Merck’s insurance companies argued that the exclusion barred coverage for Merck’s losses because the Notpetya malware attack had been launched as an instrument of the Russian Federation in its ongoing hostilities with Ukraine.
