In June 2017, the world's second largest confectionery company was affected by the global ransomware attack called NotPetya which was an untargeted campaign without a specific intended victim. Many of the impacted companies were infected after downloading a routine update for an accounting application tainted by the attackers.
Employees experienced operational difficulties to the extent that the attack caused a 5% drop in sales that quarter.
The company reported overall related costs as being $180 million, with $84 million spent cleaning up the attack, investigating its causes, removing the malware and restoring their systems and operations.
In early 2019, the company filed a legal case against its cyber insurer regarding its claim for damages incurred from the NotPetya attack which was believed would have far-reaching implications for the cyber insurance industry specifically as to the viability of war exclusion clauses.
In November 2022, it was reported that the company and their insurers had reached a settlement but details of the settlement were not disclosed publicly.
Want to discuss this case? You can purchase a 30 minute conference call with our analysts to discuss this case and the implications it has for your organisation. Just select the time and date that works for you: