Cybercrime , Fraud Management & Cybercrime , Governance & Risk Management
Norsk Hydro Breach: Update on Insurance Coverage
So Far, Insurance Has Paid $3.6 Million, But More AnticipatedSo far, Norwegian aluminum company Norsk Hydro has received just $3.6 million from its cyber insurer to cover expenses related to the LockerGoga ransomware attack it suffered in March that led to losses of $50 million to $71 million, the company revealed in its third quarter report.
See Also: Gartner Guide for Digital Forensics and Incident Response
Norsk Hydro, one of the world's largest aluminum producers, expects more insurance compensation will come as more costs are totaled.
Commenting on the relatively small amount of expenses covered by insurance so far, Jack Kudale, founder and CEO of Cowbell Cyber, which offers an underwriting platform, notes: “Cyber claims are pending, on average, for 18 months due to an insured’s lack of ability to prove losses from the event.”
Big Impact
The ransomware attack began at one the company’s U.S. plants, but it eventually took down its worldwide network and affected production as well as office operations (see: Aluminum Giant Norsk Hydro Hit by Ransomware).
“The cyberattack on Hydro on March 19, affected the entire global organization, with extruded solutions having suffered the most significant operational challenges and financial losses,” the company says in a statement.
The losses incurred stemmed from lost revenue as well as hardware and consultancy costs to mitigate and recover from the attack, the company told Threatpost.
In response to the attack, the firm had switched to manual processes in many factories, which had necessitated having many more employees working shifts in factories, the company says.
Ransomware Trends
A ProPublica report published in August raised the notion of whether ransomware attackers target companies with cyber insurance (see: Do Ransomware Attackers Single Out Cyber Insurance Holders?).
Along with companies worldwide, several healthcare organizations, cities and local governments in the U.S. have been targeted by ransomware this year. An October report by security firm Emsisoft revealed that more than 600 ransomware attacks pummeled local governments, schools districts and healthcare providers across the U.S. in the first three quarters of this year (see: Just How Widespread Is Ransomware Epidemic?).