Welcome back. Unless you never left, in which case you’re probably having a smoother morning than I am. If you’re reading this, we’re both having better mornings than Mondelez International, Inc. had on June 27, 2017, when the company was hit by the NotPetya attack that rocked pretty much the whole world. Think you never heard of Mondelez? It’s the snack food mega company that makes Ritz crackers, Cadbury chocolates and milk’s and my favorite cookie – the Oreo.
Refresher on NotPetya – most (including the CIA) believe this attack was propagated by the Russian military against Ukraine, where it is estimated that 50-80% of damage occurred. Many believe that the spread of this malware – the fastest ever as of the time of the attack – to multinational and US corporations was not even intentional. That didn’t stop it from causing an estimated $10 billion in damages to hospitals, banks, shipping companies and others worldwide.
Mondelez, though, has a Zurich insurance policy that specifically covers “physical loss or damage to electronic data, programs or software, including physical loss or damage caused by the malicious introduction of machine code or instruction.” When NotPetya hit Mondelez, it permanently destroyed 1,700 servers and 24,000 computers. Mondelez claims that it lost over $100 million in the form of property damage, commercial supply and distribution disruptions, unfulfilled customer orders and reduced margins. Mondelez tendered a claim to Zurich, and Zurich wasn’t exactly sure what to do.