According to court documents filed by Mondelez - the owner of chocolate brands Cadbury and Oreo - Zurich initially looked to settle the claim and promised the food giant a $10 million interim payment.
However, Mondelez claim the US arm of the Swiss carrier later refused to pay.
Zurich said this was due to an exclusion in the policy for “a hostile or warlike action” by a government or sovereign power or people acting for them.
This is understood to be the first time a war exclusion has been used in relation to a cyber policy.
Mondelez is now is seeking $100 million in damages.
In June 2017, the NotPetya virus swiftly overtook WannaCry to become the world’s most damaging cyber attack.
Initially targeting the Ukraine, it spread into the IT systems of a number of multinational corporations and has led to estimates of economic losses as high as $10 billion.
One of the worst-affected companies was the US pharmaceutical firm Merck, with its insurance cover has the potential to become an unwanted poster child for the industry’s silent cyber exposures.
Last year, the company estimated losses from the attack at $915 million spread across the 2017 and 2018 financial years and begun to make recoveries on its affirmative cyber tower led by Chubb and believed to provide around $275 million of coverage, according to sources.
Both companies could not immediately be reached to comment on the case.