Risk In Context

Client Alert: Norsk Hydro ASA data breach

Posted by Kelly Butler 25 March 2019

One of the world’s largest aluminium producers, Norwegian firm Norsk Hydro ASA (Hydro), reported on 19 March 2019 that their business was experiencing an extensive cyber-attack that had impacted IT systems in most of the company’s divisions. According to company CFO Eivind Kallevik, Norsk established that the attack originated from ransomware that entered its network. The Norwegian National Security Authority confirmed the ransomware in question is LockerGoga [1], a relatively new strain of ransomware, which encrypts computer files and demands payment to unlock them.

Immediate steps taken

Hydro is actively working to restore its operations, but in an official statement the company confirmed that they were not yet aware of the full impact of the attack [2]. Photos have surfaced on the internet of signs posted at Hydro’s offices, advising employees not to connect any devices to the network [3].

In a bid to prevent any further spread of the virus, Norwegian broadcaster NRK reported that Norway’s National Cyber Security Centre (NorCERT) had sent out warnings to all major Norwegian companies informing them of the attack.   

NorCERT’s notification advised that the ransomware attack on Norsk, which is 34 percent owned by the state, was also combined with an attack against its Active Directory containing user database information. NorCERT has called for information from any other organisations hit by similar attacks as it continues to assist Norsk in conjunction with Norway’s national security authority NSM [4].

Official statements from Norsk advise that the company will restore systems using back-up data, and that it has not made contact with the perpetrators. To date no specific ransom demands have been made [5] and it is understood that Norsk does purchase Cyber insurance [6].

Cyber Insurance Response

The attack is the latest to hit the primary metals and commodities sectors, where disruptions to technology networks can quickly cascade down the supply chain and cause significant financial losses that stem from interruption to business operations.

An insurance policy can provide invaluable immediate assistance in the event of a ransomware attack, bringing in specialist vendors to work in conjunction with an insured’s IT, risk, legal and executive teams. While it should not act as the primary solution for managing a company’s exposure to cyber-attacks, the provision of response and recovery costs through insurance plays an important role in the overall risk management and disaster recovery protocols of a business.

Organisations at the start of a supply chain face a specific range of cyber and operational risks that can result in significant economic loss to a company. AI and machine learning, supply chain interconnectedness, and Industrial Control and Supervisory Control and Data Acquisition (SCADA) systems are critical elements in the digital transformation of businesses in industrial sectors. However, they also bring with them increasing reliance on technology and vulnerability to cyber-attacks.

Cyber insurance has evolved from a largely privacy-breach driven product to a broad solution for companies of any size that addresses key business interruption risks. Items covered by stand-alone Cyber insurance can include:

  • Financial loss caused by operational disruption, voluntary shutdown or supply chain interruption following a cyber-attack
  • Payment of ransom demands made by malicious external actors
  • IT forensic costs to isolate, assess and remove the cause of a cyber breach
  • Costs incurred to recreate and/or restore data and protect confidential information
  • Legal costs and damages from liability claims due to network security failure.

Ransomware and other cyber threats will increase in frequency and sophistication. To meet these evolving risks, organisations require a comprehensive cyber risk management strategy that includes a strong understanding of risk exposures, optimised cybersecurity and risk transfer through cyber insurance programs, to ensure a quick, effective response and a timely return to normal operations.

[1] https://www.helpnetsecurity.com/2019/03/20/norsk-hydro-cyber-attack/
[2] https://www.newsinenglish.no/2019/03/19/hackers-hold-norsk-hydro-for-ransom/
[3] https://www.bloomberg.com/news/articles/2019-03-19/norsk-hydro-ransomware-attack-is-severe-but-all-too-common
[4] https://www.bloomberg.com/news/articles/2019-03-19/hydro-says-victim-of-extensive-cyber-attack-impacting-operations-jtfgz6td
[5] https://newsweb.oslobors.no/message/472389
[6] https://techcrunch.com/2019/03/19/norsk-hydro-ransomware/
