Norsk Hydro’s cyber insurance has paid just a fraction of its breach-related losses so far
Norsk Hydro received an insurance payout of $3.6 million following a highly publicized cyberattack earlier this year, the company revealed in its third quarter earnings report.
The insurance payout represents about 6% of the $60 million to $71 million in costs created by the incident through the third quarter, the company said. The Norwegian aluminum and energy giant expects more compensation will come as more costs are totaled.
Norsk Hydro, which had a market capitalization of $12 billion last year, said after the attack in March that its policy, led by AIG, was “solid.” The company said it was struck with a large ransomware attack that started in its U.S. facilities then spread. It wasn’t until summer when Norsk Hydro determined the situation was stable.
Incident responders determined the ransomware strain was LockerGoga, which has haunted the industrial sector. Norsk Hydro did not pay the ransom demand, deciding instead to restore its systems from digital backups. The firm also switched to “manual mode” inside numerous facilities in order to contain the spread of the virus. Norway’s Computer Emergency Response Team also was involved in the cleanup.
Extruded Solutions, a Norsk Hydro manufacturer of aluminum, suffered the “most significant operations challenges and financial losses” as a result of the attack, the company said in its earnings report.
This insurance payout comes amid a period of skepticism over the cyber insurance market. Numerous companies, including SS&C Technologies, a financial services firm, have entered litigation against their insurance providers, alleging insurers have failed to meet legitimate claims. In two notable cases, major insurers refused to pay by arguing that claims were not valid under existing cyber insurance policies.