Cyber Insurance Specialist, CFC, Comments on Lessons of Norsk Hydro Cyber Attack
Norsk Hydro, one of the world’s largest aluminum producers, is still struggling to return to full production, after a ransomware attack shut down its operations on Monday.
“We are continuing to make progress towards a resolution, but the situation remains serious and we are still dependent on extraordinary measures to run many of our operations,” said CFO Eivind Kallevik, in a statement on the company’s website.
These “extraordinary measures” include running the company’s giant smelters in Norway partly on a manual basis.
The company’s Extruded Solutions business area continues to run at approximately 50 percent of normal capacity, which is unchanged from yesterday (March 21), said the company, referring to the operation that transforms aluminum ingots into car components and building products, to name a few.
The root causes of the cyber attack have been “detected and a cure has been identified, allowing Hydro’s experts to work on reverting infected systems back to a pre-infected state,” said the company.
In its March 19 comments, a day after the attack began, Hydro revealed it has cyber insurance.
Graeme Newman, chief innovation officer at CFC Underwriting, a London-based cyber liability specialist, commented on the Hydro cyber attack and the possible lessons learned for other insurance buyers.
“The long-term implications of the cyber-attack on Norsk Hydro will depend on whether it affected solely the corporate network or industrial control systems too. If the former, the initial investigation and remediation costs could potentially run into the millions,” said Newman in an emailed statement.
“The company will also likely be hit with lost production value (which, based on their gross profit could equate to more than $5 million per day),” he added. “If ransomware has infected Hydro’s industrial control systems, the consequences could be severe. For example, if aluminum smelting pots freeze they can be out of action for almost two years.”
While cyber insurance is designed to cover this form of attack and help ensure the impact on business operations is limited, if a company only has bought traditional property policy insurance, then coverage for this type of event would likely be excluded, which could create “devastating” losses, Newman continued.
Related:
- Norsk Hydro Unit Begins Operating at 50% of Capacity After Cyber Attack
- Norsk Hydro Using Backup Servers to Restore Systems After Ransomware Attack
- Norsk Hydro Cyber Attack Exposes Risks of Global Supply Chain Disruptions
- Ransomware Attack on Aluminium Producer Norsk Hydro Is Similar to Other Breaches
- Update: Cyber Attack at Aluminium Producer Norsk Hydro Causes Production Outages
- Los Angeles Fires Become Existential Test for California’s Stopgap Insurer
- California Wildfires Will Likely Lead to Large Economic and Insured Losses
- After Nautilus Insurance Wins Civil Suit vs. Murdaugh, Trial Starts for His Conspirator
- Did Florida Appeals Court Put the Final Nail in the AOB Coffin? Maybe