Norsk Hydro, one of the world’s largest aluminium manufacturing firms, was hit by a cyber attack recently, as malware or ransomware caused the company to shutter and reduce operations at a number of locations.
The Norway-headquartered company’s operations were disrupted after IT experts spotted unusual activity on its servers and found that the attack had disabled an important part of the company’s smelting operations, our sister publication Reinsurance News reported at the time.
The company then explained that it did have cyber insurance in force and later confirmed that its cyber insurance provisions, whether specific or delivered through other corporate policies, would likely also cover elements of cyber risk related business interruption.
Even on Friday operations were not yet back to normal at Norsk Hydro, suggesting any eventual business interruption claim would be escalating with each day that passed.
The company said the “extensive” cyber attack began in the early hours of March 19th.
On Friday March 22nd CFO of Norsk Hydro Eivind Kallevik said, “We are continuing to make progress towards a resolution, but the situation remains serious and we are still dependent on extraordinary measures to run many of our operations. This is particularly challenging within our Extruded Solutions business area, where the implementation of work-around solutions is both challenging and time-consuming.”
That day the company said that the root cause of the problem had been identified as well as a cure, allowing Norsk Hydro’s experts to work on getting infected systems back to a pre-infected state.
“The malicious virus attack caused many of Hydro’s IT-systems to be shut down, not because they were infected but to contain the virus and prevent it from spreading further. Although the situation is progressing from day to day, it remains unclear how long it will take to restore stable IT-operations. We need to cure the infected parts of our network, before reopening the healthy parts,” the company’s head of information systems Jo De Vliegher stated.
While the company said it has cyber insurance cover, so far there is no visibility of the potential size of any claim it will ultimately make.
But with business remaining interrupted over a number of days, it now looks like business interruption will be a significant component of any eventual market loss for insurance and reinsurance interests.
It will bring back memories of the 2017 Petya/NotPetya cyber attack that struck pharmaceutical giant Merck among others.
We now know that the insurance and reinsurance market loss for that cyber event reached somewhere around $3.3 billion, as we reported before, largely thanks to escalating so-called silent cyber costs.
Hence, it’s no surprise to hear that Property Claim Services (PCS) is investigating the loss event under its PCS Global Cyber product.
Speaking to Artemis, Co-Head of PCS Tom Johansmeyer said, “The team is watching the event to determine whether designation under PCS Global Cyber. It’s still early, given our threshold for risk loss event designation.
“For PCS to pick up an affirmative cyber risk loss, we look for an insured loss of at least US$20 million — specifically say standalone cyber, blended cyber with other risks (like tech e&o), or all risks with cyber explicitly included. That’s why it’s a bit soon to tell on this event.”
But with the business interruption component a factor, it’s possible the Norsk Hydro cyber incident could spread beyond specific cyber coverages, we’d imagine.
Johansmeyer commented, “It’s interesting to see another BI-type event, as this has been an important topic of conversation in cyber reinsurance circles from Lime St to Front St. The intervening losses tracked by PCS have been breach, but markets tend to remember and work from the last market-defining event. And right now, that’s still NotPetya, which was BI.
“The principal difference so far is that this one appears to be for a single insured — and a single insured that appears to be setting the standard for post-event activity. The re/insurance market would be prudent to note the differences from the risk losses under NotPetya at least as much as any similarities noted because it looks like a BI event.”
It’s understood that Norsk Hydro has enough specific cyber insurance coverage to reach the PCS loss reporting threshold, but it could take some days or weeks before it’s known whether the firm’s loss will drive a sufficient market impact to warrant full reporting.