💰💣

Mondelez Security Incident

2017 3186 days ago Resolved

Incident Overview

Situation Description

Mondelez filed a claim under its property policy for costs incurred due to the NotPetya ransomware attack in 2017, but its insurer denied the claim citing a war exclusion clause.

Event Types

Ransomware Malware / Destructive Attack

Industry Sector

Manufacturing

Geographic Scope

Global

Impact Analysis

Event Types (2 identified)

Ransomware Malware / Destructive Attack

Financial Impact

$0 USD

Records Affected

Primary Impacts

Operational Disruption Financial Loss

Key Decisions Made

Companies should consider potential gaps in cyber coverage, such as compliance coverage for regulatory fines where no underlying cyber incident occurred.; Companies should ensure their cyber policies cover litigation costs, especially in light of new privacy laws like the CCPA that include private rights of action.; Companies should review their cyber policies for coverage related to intentional acts of employees and understand how new state laws may expand the definition of a breach.

Technical Analysis

Attack Method

Unknown

Additional Information

Insights Blogs Data Dive Issues to Consider When Evaluating Cyber Coverage in Light of the CCPA and Other State Privacy Laws Nov 4, 2019 Reading Time : 7 min By: Natasha G. Kohne Covering costs related to data breach response and recovery and data breach- and privacy-related enforcement actions and litigation presents challenges. Worldwide, as of April 2019, the average total cost of a data breach was $3.92 million. 1 The average total cost of a data breach in the United States was $8.19 million. 2 The costs of enforcement actions can be similarly significant in terms of monetary penalties and secondary costs. Without adequate coverage, these costs can have long-term effects on a business. Cyber policies are now a common part of most companies insurance portfolios. The policies generally cover five principal areas: (1) costs to manage and respond to a cyber-incident, (2) costs stemming from network interruption, (3) costs for security and privacy liability, (4) costs relating to extortion and (5) costs for media liability or reputational harm. Whether insurers cover all of these areas or all costs within different areas varies from policy to policy. Most policies offer first-party and third-party coverage. First-party coverage applies to losses that are directly sustained by the insured party, such as damage to a companys own electronic data files. Third-party coverage applies to claims by others against the insured company, such as claims by people who were injured by the insured companys actions (or inactions). With the increase in state privacy legislation, particularly the CCPA, many insurance companies are working with clients to also cover certain compliance costs arising out of a violation of a privacy-related legal obligation where no underlying cyber incident has occurred. Insurers and insureds alike are also working to understand how the CCPAs private right of action fits within existing third-party liability coverage and whether and how they may need...

... (truncated for display)

Quick Facts

Company:: Mondelez
Date:: 2017
Status:: Resolved
Decision Maker:: nan
Position:: nan
Published:: 4/11/2019

Source Information

Original Query

company response to ransomware "regulatory fines" GDPR OR CCPA

View Original Source

Timeline

Information Published

4/11/2019

Incident Occurred

2017 (3186 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats