Cybercrime , Fraud Management & Cybercrime , Governance & Risk Management

Norsk Hydro Breach: Update on Insurance Coverage

So Far, Insurance Has Paid $3.6 Million, But More Anticipated
Norsk Hydro Breach: Update on Insurance Coverage

So far, Norwegian aluminum company Norsk Hydro has received just $3.6 million from its cyber insurer to cover expenses related to the LockerGoga ransomware attack it suffered in March that led to losses of $50 million to $71 million, the company revealed in its third quarter report.

See Also: How to Build Your Cyber Recovery Playbook

Norsk Hydro, one of the world's largest aluminum producers, expects more insurance compensation will come as more costs are totaled.

Commenting on the relatively small amount of expenses covered by insurance so far, Jack Kudale, founder and CEO of Cowbell Cyber, which offers an underwriting platform, notes: “Cyber claims are pending, on average, for 18 months due to an insured’s lack of ability to prove losses from the event.”

Big Impact

The ransomware attack began at one the company’s U.S. plants, but it eventually took down its worldwide network and affected production as well as office operations (see: Aluminum Giant Norsk Hydro Hit by Ransomware).

“The cyberattack on Hydro on March 19, affected the entire global organization, with extruded solutions having suffered the most significant operational challenges and financial losses,” the company says in a statement.

The losses incurred stemmed from lost revenue as well as hardware and consultancy costs to mitigate and recover from the attack, the company told Threatpost.

In response to the attack, the firm had switched to manual processes in many factories, which had necessitated having many more employees working shifts in factories, the company says.

Ransomware Trends

A ProPublica report published in August raised the notion of whether ransomware attackers target companies with cyber insurance (see: Do Ransomware Attackers Single Out Cyber Insurance Holders?).

Along with companies worldwide, several healthcare organizations, cities and local governments in the U.S. have been targeted by ransomware this year. An October report by security firm Emsisoft revealed that more than 600 ransomware attacks pummeled local governments, schools districts and healthcare providers across the U.S. in the first three quarters of this year (see: Just How Widespread Is Ransomware Epidemic?).

About the Author

Apurva Venkat

Apurva Venkat

Special Correspondent

Venkat is special correspondent for Information Security Media Group's global news desk. She has previously worked at companies such as IDG and Business Standard where she reported on developments in technology, businesses, startups, fintech, e-commerce, cybersecurity, civic news and education.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.