Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyber Insurance

Norsk Hydro Receives First Insurance Payout Following Cyberattack

Norwegian aluminum giant Norsk Hydro recently published its financial results for the third quarter of 2019 and revealed that it received its first insurance payout related to the cyberattack that hit the company in March.

Norwegian aluminum giant Norsk Hydro recently published its financial results for the third quarter of 2019 and revealed that it received its first insurance payout related to the cyberattack that hit the company in March.

The company estimates that the financial impact of the ransomware attack in the first half of 2019 ranges between $60 million and $70 million (550 to 650 million Norwegian crowns), which is similar to previous estimates.

The company’s Extruded Solutions division suffered the most, both in terms of operations and financial losses.

In its latest financial report, the company revealed that the incident is expected to have limited financial effects in the third quarter. This past quarter, the company received its first insurance compensation following the attack: $3.6 million (33 million Norwegian crowns), which represents only a fraction of the total losses.

Norsk Hydro has reiterated that it has “robust cyber insurance in place with recognized insurers” and it expects to receive more money. It remains to be seen exactly how much insurers will pay in total.

“Cyber insurance is still a nascent market and every policy aspect is being tested (coverage definition, premiums, limits and sublimits, and more) as more enterprises adopt insurance to help mitigate incident-related losses,” Trent Cooksley, COO at cyber insurance firm Cowbell Cyber, told SecurityWeek.

“Silent cyber and coverage obtained as an endorsement to a general commercial liability policy or E&O is often not enough. There are unarguable benefits to policyholders and insurance providers to evolve to a model where enterprises can subscribe to a ‘true’ cyber liability policy. Cyber risks should be measured on a continuous basis, and coverage defined at a more granular level, in order to close today’s insurability gaps,” Cooksley added.

The security incident at Norsk Hydro involved a piece of file-encrypting ransomware known as LockerGoga. The attack caused disruptions at several plants and forced workers to rely on manual processes, but the company refused to pay the ransom demanded by the hackers and instead relied on backups to restore systems.

Related: Zurich Rejects Mondelez’ $100 Million NotPetya Insurance Claim Citing ‘Act of War’

Related: Firms Increasingly Interested in Cyber Insurance: Study

Related: Baltimore to Buy $20M in Cyber Insurance Months After Attack

Related: Cyber Insurance Market to Double by 2020, Says Munich Re

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Funding/M&A

Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Management & Strategy

Microsoft making a multiyear, multibillion dollar investment in the artificial intelligence startup OpenAI, maker of ChatGPT and other tools.