Connect with us

Hi, what are you looking for?


Cyber Insurance

Norsk Hydro Receives First Insurance Payout Following Cyberattack

Norwegian aluminum giant Norsk Hydro recently published its financial results for the third quarter of 2019 and revealed that it received its first insurance payout related to the cyberattack that hit the company in March.

Norwegian aluminum giant Norsk Hydro recently published its financial results for the third quarter of 2019 and revealed that it received its first insurance payout related to the cyberattack that hit the company in March.

The company estimates that the financial impact of the ransomware attack in the first half of 2019 ranges between $60 million and $70 million (550 to 650 million Norwegian crowns), which is similar to previous estimates.

The company’s Extruded Solutions division suffered the most, both in terms of operations and financial losses.

In its latest financial report, the company revealed that the incident is expected to have limited financial effects in the third quarter. This past quarter, the company received its first insurance compensation following the attack: $3.6 million (33 million Norwegian crowns), which represents only a fraction of the total losses.

Norsk Hydro has reiterated that it has “robust cyber insurance in place with recognized insurers” and it expects to receive more money. It remains to be seen exactly how much insurers will pay in total.

“Cyber insurance is still a nascent market and every policy aspect is being tested (coverage definition, premiums, limits and sublimits, and more) as more enterprises adopt insurance to help mitigate incident-related losses,” Trent Cooksley, COO at cyber insurance firm Cowbell Cyber, told SecurityWeek.

“Silent cyber and coverage obtained as an endorsement to a general commercial liability policy or E&O is often not enough. There are unarguable benefits to policyholders and insurance providers to evolve to a model where enterprises can subscribe to a ‘true’ cyber liability policy. Cyber risks should be measured on a continuous basis, and coverage defined at a more granular level, in order to close today’s insurability gaps,” Cooksley added.

The security incident at Norsk Hydro involved a piece of file-encrypting ransomware known as LockerGoga. The attack caused disruptions at several plants and forced workers to rely on manual processes, but the company refused to pay the ransom demanded by the hackers and instead relied on backups to restore systems.

Advertisement. Scroll to continue reading.

Related: Zurich Rejects Mondelez’ $100 Million NotPetya Insurance Claim Citing ‘Act of War’

Related: Firms Increasingly Interested in Cyber Insurance: Study

Related: Baltimore to Buy $20M in Cyber Insurance Months After Attack

Related: Cyber Insurance Market to Double by 2020, Says Munich Re

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

Cyber Insurance

Cyberinsurance and protection firm Boxx Insurance raises $14.4 million in a Series B funding round led by Zurich Insurance.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...