Reinsurance News

Norsk Hydro says cyber attack could cost $41mn, names AIG as lead insurer

26th March 2019 - Author: Matt Sheehan

Aluminium manufacturer Norsk Hydro has said that it is anticipating a financial impact of between 300-350 Norwegian crowns (USD $35-41 million) for the first week following a cyber attack on March 19 that caused major disruption to its operations.

The Norwegian firm also stated that it had a “solid cyber risk insurance policy with recognized insurers” in place, and named AIG as the lead insurer.

After detecting unusual activity on its servers last week that disabled part of its smelting operations, Norsk Hydro isolated all plants and operations and switched to manual operations and procedures.

In an update today it said most operations are now running at normal capacity, with production at 70-80% for Extruded Solutions, which was its most affected business area.

This is with the exception of the Building Systems unit, the company stipulated, which remains “almost at a standstill” following the suspected ransomware/malware attack.

Norsk Hydro explained that the majority of its loss estimate stems from lost margins and volumes in the Extruded Solutions business area.

The company confirmed last week that its cyber insurance policy does include business interruption cover, although it is unclear whether this has been factored into the current loss estimate.

It did not disclose how much money it hoped to recover from its insurance, and with some operations still suspended, it’s expected that the total cost of the attack may yet rise.

“Hydro’s global IT organization is working continuously to resolve the situation together with external expertise,” Norsk Hydro said in a statement.

“The company has now entered the recovery phase following the attack, gradually restoring IT systems in a safe and secure manner to ensure progress toward normal business while limiting the impact for people, operations, customers, suppliers and other partners,” it continued.

Reports suggest that Norsk Hydro has ruled out paying hackers to unlock its files, preferring instead to restore file from backup servers.

The company also said that it had reported the “sophisticated” cyber attack to Norway’s National Investigation Service (Kripos) and is cooperating with relevant authorities, including the Norwegian National Security Authority (NSM).

Verisk’s Property Claims Services (PCS) has already begun investigating the loss potential of the Norsk Hydro attack to determine whether it qualifies for designation under PCS Global Cyber.

If the attack is found to have generated a re/insured loss of at least $20 million, which now seems likely, PCS will monitor and collect claims data for the loss, PCS Co-Head Tom Johansmeyer told our sister publication, Artemis, yesterday.

Print Friendly, PDF & Email

Recent Reinsurance News

Getting your daily reinsurance news from Reinsurance News is a simple way to receive only the reinsurance industry news that matters, delivered directly to your email inbox.

  • Only email is mandatory, but the more you tell us about yourself the better we can serve you in future!
  • This field is for validation purposes and should be left unchanged.

By submitting the form you are giving your consent to be emailed by us.

Read previous post:
RenaissanceRe Europe AG emerges following TMR acquisition

Following the completion of its acquisition of Tokio Millennium Re, RenaissanceRe is rebranding its Zurich and European underwriting operations to...