Merck Settles Coverage Dispute With Insurers Over War Exclusion in NotPetya Attack

Merck & Co. Inc. has supposedly come to an agreement with insurance companies regarding a highly publicized dispute concerning coverage following a significant cyberattack in 2017. In July 2023, the New Jersey Supreme Court decided to review the case after a state appeals court ruled in favor of eight insurers, determining that an exclusion related to hostile or warlike actions in an all-encompassing property insurance policy did not pertain to a cyberattack linked to Russia named "NotPetya" against the pharmaceutical company. Initially, over 30 insurers were part of the case, but many have since settled their disputes with Merck. The remaining eight insurers, including Ace American, Allianz, Liberty Mutual, QBE, XL, and Lloyd’s syndicates, were still involved. Merck's property insurance plan consisted of "all risks" property policies structured in three layers, totaling $1.75 billion in limits above a $150 million deductible. These eight insurers' policies covered varying percentages across one, two, or all three layers. Collectively, they contested around $700 million in coverage, which was close to 40% of Merck’s total coverage for the policy period.

Merck & Co. Inc. reached an agreement with insurance companies regarding a dispute over coverage following a cyberattack called NotPetya in 2017. The case was brought before the New Jersey Supreme Court for review after a judgment determined that the exemption for hostile/warlike acts in an all-encompassing property insurance policy was not relevant. While numerous insurers have settled their claims with Merck, there were still eight insurers involved in the ongoing dispute. Merck had a property insurance arrangement consisting of three layers, and the remaining insurers were contesting approximately $700 million in coverage.