The Holes in Your Cyber Policy
A close reading of the exclusions carriers now write for AI-driven incidents and governance failures, and the clauses that trigger a denied claim.
In 2017, the NotPetya malware wiped more than 40,000 of Merck's computers in a single afternoon. Merck filed a claim for roughly 1.4 billion dollars. Its insurers refused, pointing to a war exclusion drafted for a different century. Merck did eventually recover, but only after a fight that ran nearly seven years and settled in January 2024, days before the New Jersey Supreme Court was due to hear the appeal (Cybersecurity Dive). What should hold a board's attention is the timeline: collecting on that policy took the better part of a decade.
A cyber policy is a conditional contract. The carrier writes the conditions, and most of them are tested only after a breach, at the precise moment the buyer has the least leverage and the worst week of its corporate life. The fastest-growing part of cyber insurance since 2022 has not been coverage. It has been the catalogue of exclusions. Three families of clause now sit at the centre of most disputed claims: state-backed attacks, the accuracy of your own application, and a newer, largely untested category, artificial intelligence.
The war clause that Merck escaped
Merck won on the precise language of its policy. A New Jersey appellate court held in May 2023 that a "hostile or warlike action" exclusion required actual military action, and that a Russian intelligence operation spilling onto civilian networks did not meet that bar (Cybersecurity Dive). The malware was later attributed to Sandworm, a unit of Russian military intelligence (IBM). The lesson the market drew from the case was straightforward: rewrite the wording.
Lloyd's of London did exactly that. Market Bulletin Y5381 requires every standalone cyber policy underwritten at Lloyd's, from 31 March 2023, to exclude losses arising from war and from state-backed cyber-attacks that significantly impair a state's ability to function or its security capabilities, and to set out a basis on which an attack will be attributed to a state (Lockton). Attribution is the clause that bites. The new wording lets the insurer rely on government or third-party attribution to place an incident inside the exclusion. Run NotPetya against that language today and it becomes a far harder claim than the one Merck won. Merck was not the only company the malware swept up, and the disputes that followed are what pushed the market toward the rewrite.
The form you signed
The second family never reaches the question of who attacked you. It asks whether you told the truth on the application. In 2022, Travelers moved to rescind a one million dollar cyber policy after a ransomware attack on International Control Services, a manufacturer that had attested to using multi-factor authentication on privileged accounts. The application carried two signatures: the chief executive's and that of the person responsible for network security. The court entered judgment rescinding the policy, voiding it from the day it was issued (Reed Smith). The legal point reaches every boardroom: a material misrepresentation can void a policy whether or not anyone intended to deceive.
The trap is sharper than a single form. Many policies carry a continuous-controls condition. In Columbia Casualty's dispute with Cottage Health System, the policy excluded any loss arising from the insured's failure to "continuously implement the procedures and risk controls identified in the Insured's application" (Reed Smith). An application is a photograph. The warranty behind it runs like film. A control that lapses mid-term (an expired endpoint licence, a new server stood up without MFA, a patch cycle that slips) can become the carrier's stated reason to deny, even where its link to the actual breach is arguable.
A one million dollar policy was voided from the day it was issued over a single inaccurate answer about multi-factor authentication.
The clause no one has finished writing
The third family is still being drafted. In January 2026, the Insurance Services Office, which writes standard policy forms for the United States market, introduced generative-AI exclusions for commercial general liability, forms CG 40 47, CG 40 48 and CG 35 08, with a definition broad enough to capture almost any system that produces text, images, audio, video or code (Business Insurance). Cyber policies were built around data breaches and network intrusion, not around a model that hallucinates or a deepfake that authorises a payment (Honigman).
That gap is where the next disputes live. A finance team wires funds on a voice that sounds exactly like the chief executive. A security tool driven by machine learning fails to flag the intrusion it was bought to catch. Whether either loss sits inside a cyber policy, inside an AI exclusion, or in neither is, in most contracts, simply unaddressed. When a policy says nothing about AI, it has not quietly granted cover. It has deferred the question to a future dispute.
What the limit is actually worth
For the board, the figure on the declarations page is not the figure on the balance sheet. A policy carrying a state-backed exclusion, a continuous-controls warranty and an unsettled position on AI is worth less than its stated limit, because each clause discounts the probability of payment. The exposure sits heaviest in regulated, critical sectors: banking, utilities, telecommunications, healthcare. In Malaysia, entities designated under the Cyber Security Act 2024 (Act 854) as National Critical Information Infrastructure already owe the regulator a baseline of controls and audits. The same evidence that satisfies a regulator is the evidence a carrier will later read, and the carrier reads it less generously. Two regimes, one set of logs.
What the board can settle this quarter
Read the three clauses. Pull the policy and locate the war and state-backed exclusion, the controls warranty or minimum-practices condition, and any wording on AI. Read them with coverage counsel, not only the broker who sold them.
Reconcile the application against reality. Every control you attested to (MFA coverage, endpoint detection, backup isolation, patch cadence) must have been true the day you signed and must stay true for the whole term. Treat the renewal questionnaire as the board-level warranty it can become once a claim is disputed.
Map your attribution exposure. If you sit in a critical sector, ask the carrier in writing how it decides an attack was state-backed and what evidence triggers the exclusion. Settle that before renewal, not after an incident.
Close the AI gap on paper. Ask plainly whether AI-enabled fraud and the failure of AI security tooling are covered, excluded, or unaddressed. Push for affirmative wording or a written confirmation. A number of carriers now offer it.
Keep the evidence. The difference between a paid claim and a denied one is often a logging trail proving the controls were live at the moment of loss, and throughout the term, since a continuous-controls condition looks at the whole policy period rather than the day of the breach alone.
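The reconciliation and evidence steps above are the two a security team can automate. What follows is an added example, not code from the article or from any carrier, regulator or insured: it models the controls attested on a hypothetical application, compares them with a constructed inventory snapshot, names the controls that have drifted, and writes each check into a dated, hash-chained record so the series can later be shown not to have been edited after the fact. The control names, inventory fields and all sample data are assumptions chosen for illustration; map them onto your own questionnaire and systems of record.

```python
"""Reconcile attested controls against observed state and keep a tamper-evident
record of each check.

Added example for this article; the control names, inventory fields and all
sample data below are constructed assumptions, not drawn from any real policy.
"""
import hashlib
import json
from datetime import date

# Controls as attested on a hypothetical cyber-insurance application.
ATTESTATIONS = {
    "mfa_on_privileged_accounts": True,
    "edr_on_all_endpoints": True,
    "backups_isolated_from_production": True,
    "critical_patch_sla_days": 14,
}

# Constructed inventory snapshot, standing in for what a scheduled job would
# pull from the identity provider, EDR console, backup system and patch tracker.
INVENTORY = {
    "privileged_accounts": [
        {"id": "admin-alice", "mfa": True},
        {"id": "admin-bob", "mfa": True},
        {"id": "svc-backup-new", "mfa": False},   # stood up mid-term without MFA
    ],
    "endpoints": [
        {"host": "ws-101", "edr_agent": "running"},
        {"host": "srv-db-01", "edr_agent": "running"},
    ],
    "backups": [
        {"set": "db-nightly", "isolated": True},
        {"set": "files-weekly", "isolated": True},
    ],
    "critical_patches": [
        {"ref": "patch-A", "published": "2026-05-01", "applied": "2026-05-09"},
        {"ref": "patch-B", "published": "2026-05-20", "applied": None},  # still open
    ],
}

GENESIS = "0" * 64  # prev_hash of the first record in a chain


def check_controls(attestations, inventory, as_of_iso):
    """Compare each attested control with observed state on the given date.

    Returns one finding per control: what was attested, whether it was
    observed to hold, and the items that drove the verdict.
    """
    as_of = date.fromisoformat(as_of_iso)
    findings = []

    no_mfa = [a["id"] for a in inventory["privileged_accounts"] if not a["mfa"]]
    findings.append({"control": "mfa_on_privileged_accounts",
                     "attested": attestations["mfa_on_privileged_accounts"],
                     "observed": not no_mfa, "evidence": no_mfa})

    no_edr = [e["host"] for e in inventory["endpoints"] if e["edr_agent"] != "running"]
    findings.append({"control": "edr_on_all_endpoints",
                     "attested": attestations["edr_on_all_endpoints"],
                     "observed": not no_edr, "evidence": no_edr})

    exposed = [b["set"] for b in inventory["backups"] if not b["isolated"]]
    findings.append({"control": "backups_isolated_from_production",
                     "attested": attestations["backups_isolated_from_production"],
                     "observed": not exposed, "evidence": exposed})

    # An unapplied patch is measured against the check date; an applied one
    # against the date it was applied. Either way the SLA is the attestation.
    sla = attestations["critical_patch_sla_days"]
    late = []
    for p in inventory["critical_patches"]:
        published = date.fromisoformat(p["published"])
        done = date.fromisoformat(p["applied"]) if p["applied"] else as_of
        if (done - published).days > sla:
            late.append(p["ref"])
    findings.append({"control": "critical_patch_sla_days", "attested": True,
                     "observed": not late, "evidence": late})
    return findings


def drifted(findings):
    """Controls attested as in place that the check did not observe in place."""
    return [f["control"] for f in findings if f["attested"] and not f["observed"]]


def _digest(body):
    # Canonical JSON so the same content always hashes the same way.
    canon = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()


def evidence_record(findings, as_of_iso, prev_hash=GENESIS):
    """A dated record of one check, hashed together with its predecessor."""
    body = {"as_of": as_of_iso, "prev_hash": prev_hash, "findings": findings}
    return {**body, "hash": _digest(body)}


def verify_chain(records):
    """True if every record hashes correctly and links to the one before it."""
    prev = GENESIS
    for r in records:
        body = {k: v for k, v in r.items() if k != "hash"}
        if body.get("prev_hash") != prev or _digest(body) != r["hash"]:
            return False
        prev = r["hash"]
    return True


if __name__ == "__main__":
    findings = check_controls(ATTESTATIONS, INVENTORY, "2026-06-10")
    record = evidence_record(findings, "2026-06-10")
    print("drifted controls:", drifted(findings))
    print("record hash:", record["hash"], "chain ok:", verify_chain([record]))
```

Two caveats matter in practice. The chain proves only that the records have not been altered since they were written, not that the observations were true, so the inventory must be pulled from the systems of record rather than typed in by hand. And a chain held on the same systems an attacker or a hurried incident team can reach proves little; copy each record to append-only storage the operations team cannot rewrite, or have it timestamped by a third party, so that the trail still stands when the carrier asks for it.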
Merck recovered because its wording was old and a judge read it narrowly. That escape route has been closing, clause by clause, since 2023. The decision in front of the board is not whether to carry cyber insurance. It is whether the policy already in the drawer will pay when tested, and that question can be answered now, on a quiet afternoon with the contract open, rather than discovered in the week after a breach. The cheapest time to read the exclusions is before the carrier does.
Sources
"Merck reaches settlement in closely watched NotPetya insurance case," Cybersecurity Dive. https://www.cybersecuritydive.com/news/merck-settlement-notpetya-insurance/703922/
"How will the Merck settlement affect the insurance industry?," IBM. https://www.ibm.com/think/insights/merck-settlement-affect-insurance-industry
"What To Expect From The Lloyd's Mandate To Exclude State-Sponsored Cyberattacks," Lockton (on Lloyd's of London Market Bulletin Y5381). https://global.lockton.com/us/en/news-insights/what-to-expect-from-the-lloyds-mandate-to-exclude-state-sponsored
"Insurance applications under scrutiny: Lessons from Travelers v. ICS," Reed Smith LLP. https://www.reedsmith.com/en/perspectives/2022/07/insurance-applications-under-scrutiny-lessons-from-travelers-v-ics
"Pressure points in cyber insurance policies revealed in litigation," Reed Smith LLP (on Columbia Casualty Co. v. Cottage Health System). https://www.reedsmith.com/articles/cyber-insurance-claims/pressure-points-in-cyber-insurance-policies-revealed-in-litigation/
"Insurers, brokers adjust as AI exclusions emerge," Business Insurance (on ISO forms CG 40 47, CG 40 48, CG 35 08). https://www.businessinsurance.com/insurers-brokers-adjust-as-ai-exclusions-emerge/
"The AI Insurance Gap and What It Means for Technology Contracts," Honigman LLP. https://www.honigman.com/the-matrix/ai-insurance-gap-what-it-means-for-technology-contracts
Disclaimer
This article is general information about cyber insurance practice and is not legal, financial, or insurance advice. Policy wordings, exclusions, and regulatory requirements vary by carrier, jurisdiction, and the specific facts of a claim, and they change over time. Case outcomes described here turn on their own facts and do not predict how any other dispute will resolve. Readers should review their own policies with qualified coverage counsel and a licensed broker before acting. Details were verified against the cited sources as of June 2026.