diff --git a/plugin/pkg/admission/webhook/admission.go b/plugin/pkg/admission/webhook/admission.go
index a0b222b413b..3452cdb0d14 100644
--- a/plugin/pkg/admission/webhook/admission.go
+++ b/plugin/pkg/admission/webhook/admission.go
@@ -191,7 +191,7 @@ func (a *GenericAdmissionWebhook) Admit(attr admission.Attributes) error {
 return
 }
 
- ignoreClientCallFailures := hook.FailurePolicy == nil || *hook.FailurePolicy == v1alpha1.Ignore
+ ignoreClientCallFailures := hook.FailurePolicy != nil && *hook.FailurePolicy == v1alpha1.Ignore
 if callErr, ok := err.(*ErrCallingWebhook); ok {
 if ignoreClientCallFailures {
 glog.Warningf("Failed calling webhook, failing open %v: %v", hook.Name, callErr)
diff --git a/plugin/pkg/admission/webhook/admission_test.go b/plugin/pkg/admission/webhook/admission_test.go
index ee5888676d2..82a1d28ff1e 100644
--- a/plugin/pkg/admission/webhook/admission_test.go
+++ b/plugin/pkg/admission/webhook/admission_test.go
@@ -216,7 +216,7 @@ func TestAdmit(t *testing.T) {
 },
 expectAllow: true,
 },
- "match & fail (but allow because fail open on nil)": {
+ "match & fail (but disallow because fail closed on nil)": {
 hookSource: fakeHookSource{
 hooks: []registrationv1alpha1.ExternalAdmissionHook{{
 Name: "internalErr A",
@@ -232,7 +232,7 @@ func TestAdmit(t *testing.T) {
 Rules: matchEverythingRules,
 }},
 },
- expectAllow: true,
+ expectAllow: false,
 },
 "match & fail (but fail because fail closed)": {
 hookSource: fakeHookSource{
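Review bot: The new `ignoreClientCallFailures` line in `Admit` makes a nil `FailurePolicy` fail closed, but nothing at that line says so, and this default is a security decision that a later edit could flip back unnoticed. I would add a comment above it such as `// A nil FailurePolicy fails closed: an unreachable webhook must not let the request through unchecked.` Hooks registered without a policy now go from admitted to rejected on call errors, so it may be worth checking whether the API type also defaults this field, to keep the two places from disagreeing; that code is not visible here. The body of `Admit` starts and ends outside the hunk.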
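Review bot: The nil-policy case in `TestAdmit` (renamed in the previous hunk) now records only `expectAllow: false`, which any returned error would presumably satisfy, so the test could pass even if the request were rejected for a reason other than the webhook call failing closed. If the test loop, which is outside these hunks, compares only that boolean, consider adding an expected-error field to the table and asserting on it for this case. The hunks also do not show that this entry leaves `FailurePolicy` unset; a comment in the entry such as `// FailurePolicy deliberately left nil` would keep the case from being "fixed" by someone filling the field in.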