Property Claims Services (PCS), a Verisk business, has begun investigating the loss potential of the recent cyber attack on aluminium manufacturing giant Norsk Hydro.
Co-Head of PCS Tom Johansmeyer told our sister publication, Artemis, that the firm was watching the event to determine whether it qualifies for designation under PCS Global Cyber.
This would require the attack to generate a re/insured loss of at least $20 million, which is a possibility given Norsk Hydro’s level of specific cyber insurance coverage.
If the Norsk Hydro incident is designated as a Global Cyber event, PCS will monitor and collect claims data for the loss, which can be used by the market as an input to any cyber industry loss warrants or other loss-triggered risk transfer instruments.
The Norway-headquartered manufacturer’s operations were disrupted last week after unusual activity was spotted on its server by IT experts, who found that the attack had disabled an important part of the company’s smelting operations.
Norsk Hydro has since confirmed that it does have cyber insurance coverage in place and that its policy does cover business interruption losses.
After detecting the anomaly, Norsk Hydro isolated all plants and operations and switched to manual operations and procedures, although it said that most operations are now running at normal capacity as of March 25.
“Our initial response was to isolate the different operations and contain the virus to prevent it from spreading. Then we identified a cure which has allowed us to begin cleaning all servers and computers,” said Chief Financial Officer Eivind Kallevik. “Now, we are in the early stages of the recovery phase, where we will gradually take our IT-operations back to normal mode.”
“It’s interesting to see another BI-type event,” Johansmeyer remarked, “as this has been an important topic of conversation in cyber reinsurance circles from Lime St to Front St.”
“The intervening losses tracked by PCS have been breach, but markets tend to remember and work from the last market-defining event. And right now, that’s still NotPetya, which was BI,” he continued.
“The principal difference so far is that this one appears to be for a single insured — and a single insured that appears to be setting the standard for post-event activity. The re/insurance market would be prudent to note the differences from the risk losses under NotPetya at least as much as any similarities noted because it looks like a BI event.”
The 2017 Petya/NotPetya cyber attack, which impact pharmaceutical giant Merck among others, is estimated to have caused a re/insurance market loss of around $3.3 billion due to the escalating silent cyber costs.
Johansmeyer cautioned that it was still too early to tell whether the Norsk Hydro attack would reach PCS’ threshold for risk loss event designation, meaning it could take some days or weeks to determine whether the event will warrant full reporting.