Is insurance coverage for cyber claims barred by a war exclusion?  Judy Selby and Peter McLaughlin asked this question in a recent post for IAPP. Two corporate giants, Mondelez International and Merck, made the headlines recently as they sustained serious damage as a result of a NotPetya infection, an encrypting ransomware. They have each filed declaratory judgments after their carriers denied their claims. Reports of these insurance disputes have led to concerns that cyber incidents involving state actors would not be covered by cyber policies with war exclusions. The Verizon 2019 Data Breach Investigations Report attributes 23% of breaches  to nation-states or state-affiliated players. "These state-sponsored attacks typically range from theft or espionage to financial gain; however, some attacks appear to have been driven by grudge or by swatting a neighbor," Selby and McLaughlin write. "[P]erhaps we are viewing this through an old lens. Insurance has often [...]