IDEAS home Printed from https://ideas.repec.org/a/eee/bushor/v64y2021i6p775-785.html
   My bibliography  Save this article

Digital force majeure: The Mondelez case, insurance, and the (un)certainty of attribution in cyberattacks

Author

Listed:
  • Tatar, Unal
  • Nussbaum, Brian
  • Gokce, Yasir
  • Keskin, Omer F.

Abstract

Insurance companies typically secure themselves under force majeure exclusions against the unpredictability brought about by acts of war. If a company were to be attacked by a nation-state in physical space—hit with a missile or by aerial bombing—there would be fairly clear carve-outs so their insurance company could exclude such an incident from coverage. But the same is not always true in cyberspace. This article examines an extreme outlier case in the world of cyberattacks and insurance—that is, the losses suffered by the U.S.-based food and beverage company Mondelez as a result of the NotPetya cyberattack—and scrutinizes just how far force majeure exclusions can be applied in cyberspace. The article attempts to reveal the significance of the legal qualification of a cyberattack and its attribution to a state for insurance coverage in both general insurance policies, like the one the Mondelez case stemmed from, as well as in insurance policies targeted to cover cyber risk.

Suggested Citation

  • Tatar, Unal & Nussbaum, Brian & Gokce, Yasir & Keskin, Omer F., 2021. "Digital force majeure: The Mondelez case, insurance, and the (un)certainty of attribution in cyberattacks," Business Horizons, Elsevier, vol. 64(6), pages 775-785.
    • Handle: RePEc:eee:bushor:v:64:y:2021:i:6:p:775-785
    DOI: 10.1016/j.bushor.2021.07.013
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0007681321001361
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.bushor.2021.07.013?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Shackelford, Scott J., 2012. "Should your firm invest in cyber risk insurance?," Business Horizons, Elsevier, vol. 55(4), pages 349-356.
    2. Kshetri, Nir, 2020. "The evolution of cyber-insurance industry and market: An institutional analysis," Telecommunications Policy, Elsevier, vol. 44(8).
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Caroline Hillairet & Olivier Lopez & Louise d'Oultremont & Brieuc Spoorenberg, 2022. "Cyber contagion: impact of the network structure on the losses of an insurance portfolio," Post-Print hal-03388840, HAL.
    2. Mazaher Kianpour & Stewart J. Kowalski & Harald Øverby, 2021. "Systematically Understanding Cybersecurity Economics: A Survey," Sustainability, MDPI, vol. 13(24), pages 1-28, December.
    3. Caroline Hillairet & Olivier Lopez & Louise d'Oultremont & Brieuc Spoorenberg, 2021. "Cyber contagion: impact of the network structure on the losses of an insurance portfolio," Working Papers hal-03388840, HAL.
    4. Hayes, Darren R. & Cappa, Francesco, 2018. "Open-source intelligence for risk assessment," Business Horizons, Elsevier, vol. 61(5), pages 689-697.
    5. Monica C. LaBarge & Kristen L. Walker & Courtney Nations Azzari & Maureen Bourassa & Jesse Catlin & Stacey Finkelstein & Alexei Gloukhovtsev & James Leonhardt & Kelly Martin & Maria Rejowicz‐Quaid & M, 2022. "Digital exchange compromises: Teetering priorities of consumers and organizations at the iron triangle," Journal of Consumer Affairs, Wiley Blackwell, vol. 56(3), pages 1220-1243, September.
    6. Camélia Radu & Nadia Smaili, 2022. "Board Gender Diversity and Corporate Response to Cyber Risk: Evidence from Cybersecurity Related Disclosure," Journal of Business Ethics, Springer, vol. 177(2), pages 351-374, May.
    7. Alexander A. Ganin & Phuoc Quach & Mahesh Panwar & Zachary A. Collier & Jeffrey M. Keisler & Dayton Marchese & Igor Linkov, 2020. "Multicriteria Decision Framework for Cybersecurity Risk Assessment and Management," Risk Analysis, John Wiley & Sons, vol. 40(1), pages 183-199, January.
    8. Mendiela, Pauline, 2021. "Information security breaches and financial market reaction: the French case," MPRA Paper 105029, University Library of Munich, Germany.
    9. Hillairet, Caroline & Lopez, Olivier & d'Oultremont, Louise & Spoorenberg, Brieuc, 2022. "Cyber-contagion model with network structure applied to insurance," Insurance: Mathematics and Economics, Elsevier, vol. 107(C), pages 88-101.
    10. Anum Khan & Muhammad Shujaat Mubarik & Navaz Naghavi, 2023. "What matters for financial inclusions? Evidence from emerging economy," International Journal of Finance & Economics, John Wiley & Sons, Ltd., vol. 28(1), pages 821-838, January.
    11. Meng Sun & Yi Lu, 2022. "A Generalized Linear Mixed Model for Data Breaches and Its Application in Cyber Insurance," Risks, MDPI, vol. 10(12), pages 1-23, November.
    12. Eling, Martin & Wirfs, Jan Hendrik, 2016. "Cyber Risk: Too Big to Insure? Risk Transfer Options for a mercurial risk class," I.VW HSG Schriftenreihe, University of St.Gallen, Institute of Insurance Economics (I.VW-HSG), volume 59, number 59.
    13. Wade, Megan, 2021. "Digital hostages: Leveraging ransomware attacks in cyberspace," Business Horizons, Elsevier, vol. 64(6), pages 787-797.
    14. Xie, Haipeng & Sun, Xiaotian & Fu, Wei & Chen, Chen & Bie, Zhaohong, 2023. "Risk management for integrated power and natural gas systems against extreme weather: A coalitional insurance contract approach," Energy, Elsevier, vol. 263(PB).
    15. Kshetri, Nir, 2024. "The academic industry’s response to generative artificial intelligence: An institutional analysis of large language models," Telecommunications Policy, Elsevier, vol. 48(5).
    16. Guido Smidt & Wouter Botzen, 2018. "Perceptions of Corporate Cyber Risks and Insurance Decision-Making," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 43(2), pages 239-274, April.
    17. Christian Biener & Martin Eling & Jan Hendrik Wirfs, 2015. "Insurability of Cyber Risk: An Empirical Analysis†," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 40(1), pages 131-158, January.
    18. Shackelford, Scott J., 2016. "Business and cyber peace: We need you!," Business Horizons, Elsevier, vol. 59(5), pages 539-548.
    19. Md. Hamid Uddin & Md. Hakim Ali & Mohammad Kabir Hassan, 2020. "Cybersecurity hazards and financial system vulnerability: a synthesis of literature," Risk Management, Palgrave Macmillan, vol. 22(4), pages 239-309, December.
    20. Alessandro Mazzoccoli & Maurizio Naldi, 2021. "Optimal Investment in Cyber-Security under Cyber Insurance for a Multi-Branch Firm," Risks, MDPI, vol. 9(1), pages 1-28, January.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:bushor:v:64:y:2021:i:6:p:775-785. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: http://www.elsevier.com/locate/bushor .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.