It was in the early hours of March 19 that Oslo-headquartered Norsk Hydro “became victim of an extensive cyberattack” and saw operations in several of its business areas impacted. Now a preliminary loss estimate has been released, and we know who leads the cyber insurance policy.
In Norsk Hydro’s latest update on the incident, it said operations in the building systems unit – part of the extruded solutions business area, which was the hardest hit – remain almost at a standstill. Most operations are currently running at normal capacity.
“Hydro’s global IT organisation is working continuously to resolve the situation together with external expertise,” said the Norwegian aluminium and renewable energy firm in a March 26 statement.
“The company has now entered the recovery phase following the attack, gradually restoring IT systems in a safe and secure manner to ensure progress toward normal business while limiting the impact for people, operations, customers, suppliers, and other partners.”
Meanwhile Norsk Hydro described its cyber risk insurance policy as “solid” and cited global provider AIG as the lead. The enterprise did not name the others involved in the coverage but called them “recognised” insurers.
As for the financial impact, Norsk Hydro acknowledged that it is premature to provide a precise or detailed overview but said a high-level evaluation showed a preliminary approximation of between NOK300 million and NOK350 million for the first full week after the cyberattack.