Interessante e ampia estensione al cyberwarfare della clausola di esclusione per conflitto armato nei contratti assicurativi. Immagino che possa ulteriormente complicare lo scenario IoT e dei sistemi di guida autonoma: l'assicurazione si defila se l'auto/aereo/drone a guida autonoma o il tostapane/lavatrice/friggitrice IoT causa vittime o danni per effetto di un attacco informatico riconosciuto come "bellico"... A questo punto chi paga? Il produttore dell'oggetto, il proprietario dello stesso (ammesso che non sia parte dannegiata) o nessuno? <https://thebulletin.org/2019/04/is-cyberwarfare-war-insurers-balk-at-paying-...> [...] And US businesses may no longer be able to rely on insurance to cover their losses. In an era of unceasing cyberattacks, including cases of state-sponsored hacking, insurance companies are beginning to re-interpret an old line in their contracts known as the “war exclusion.” Stripping away the metaphorical connotation of the term “cyberwarfare,” big insurers like Zurich Insurance have decided that state-sponsored attacks are basically just plain warfare. This shift comes as the US government is increasingly attributing state-sponsored cyberattacks to their alleged perpetrators, a development that some argue is a means of holding bad actors accountable. But the policy certainly doesn’t seem to be doing any favors to the private sector. The New York Times fleshed out the insurance companies’ new legal strategy in a recent article about the woes of Modelez International, the maker of Oreo cookies and other mainstays of the snack food industry. Based in the Chicago suburbs, Mondelez was among the hundreds of companies hit in the so-called “NotPetya” attack of 2017. The Times reported that Mondelez expected its more than $100 million in losses to be covered by its Zurich insurance policy. But Zurich swatted back Mondelez’s claim, citing an exclusion for “hostile or warlike action in time of peace or war … by any government or sovereign power,” according to the complaint Mondelez filed in court last fall, which Crain’s Chicago Business obtained. In February 2018, the White House attributed the NotPetya attack to the Russian military, calling it the “most destructive and costly cyberattack in history.” By blaming the Russians, the government gave Zurich an opening, but not necessarily an airtight argument: “Zurich’s invocation of a ‘hostile or warlike action’ exclusion to deny coverage for malicious ‘cyber’ incidents was … unprecedented,” Mondelez’s complaint asserted. “The purported application of this type of exclusion to anything other than conventional armed conflict or hostilities was unprecedented.” “We still don’t have a clear idea of what cyberwar actually looks like,” cyber risk adviser Jake Olcott told the Times. “That is one of the struggles in this case. No one has said this was an all-out cyberwar by Russia.” [...]