While companies think it is OK that the pay out for spotty Herberts launching DDoS attacks from their mum’s basement, it is rather unfair that they have to pay for attacks conducted by state sponsored hackers.

The Bulletin of the Atomic Scientists said that  insurance companies are beginning to re-interpret an old line in their contracts known as the "war exclusion".

Stripping away the metaphorical connotation of the term "cyberwarfare", big insurers like Zurich Insurance have decided that state-sponsored attacks are basically just plain warfare.

The US government is increasingly attributing state-sponsored cyberattacks to their alleged perpetrators, a development that some argue is a means of holding bad actors accountable. But the policy certainly doesn't seem to be doing any favours to the private sector.

For example the maker of Oreos was hit by 2017's "NotPetya" attack, but its insurer refused to cover its $100 million in losses, citing an exclusion for "hostile or warlike action in time of peace or war...by any government or sovereign power".

Oreo called their response "unprecedented," saying the war exclusion has always been applied only to "conventional armed conflict" -- and not to cyber-attacks.

Slashdot reader Lasrick argues that an insurance company win in court "could make cyberwar much more real -- and costly".