Following the news article from below – it is no news that insurers try to avoid paying, but their stand of not paying due to cyber war acts will not stand, in my opinion.
For a cyber act and/or malware, to be officially declared, in our digital anonymized worlds, as originated from a specific country and intended to be an act of war – I guess only other governments or unions of governments (e.g. UN, NATO) can declare that, and such declaration may have severe consequences, like… ahhmmm… starting a war… – so the insurers’ ability to avoid paying for this reason, is, I think, close to zero (although it may be a true fact in reality and they may be right in their claim, but they won’t be able to prove it)
“Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved“