Merck Cyber Attack Could Cost Insurers $275 Million: Report

A forecast has determined that insurers could pay up to $275 million to cover the insured portion of drugmaker Merck’s losses from the ‘NotPetya’ cyber attack earlier in June this year.

Originating in Ukraine, the “NotPetya” cyberattack disrupted production of several Merck medicines and vaccines alongside disrupting dozens of worldwide firms and corporate networks of multinationals affected in the June 27 attack. The NotPetya malware spread across networks and crippled machines by encrypting hard drives. Recovery of the damaged drives became a cumbersome, labor-intensive process.

Come July, the drugmaker claimed it suffered ‘worldwide’ disruption of its operations following the malware attack. A month later, it was still in the process of restoring its manufacturing operations. Subsequently, Merck said it was confident it would be able to maintain a continuous supply of its life-saving, top-selling drugs whilst warning of temporary delays in delivering other products.

For its part, Merck did not disclose the magnitude of its uninsured losses, with a spokeswoman quoted by Reuters as stating:

Merck has not yet fully quantified its losses, much less given any of its insurers an estimate of the total amount of those losses.

While the company had insurance that would cover a portion of the costs, the spokeswoman declined to expand on details or reveal just how much Merck expects to pay on its own.

Cyber insurance isn’t always available outside the United States with Reuters quoting one insurer previously describing the cost as $100,000 for $10 million in data breach insurance. Data breach insurance policies usually cover expenses as a result of a data breach including digital forensics, data restoration and other costs. Sound policies also help cover business interruption expenses when a company suffers outages of its website.

Image credit: Pexels.