SlideShare a Scribd company logo

Maersk Notpetya Crisis Response Case Study

Charlie Pownall
Charlie Pownall

Case study detailing how shipping and logistics company Maersk responded to its NotPetya 2017 cyber attack

Leadership & Management
1 of 24
Download to read offline
NotPetya cyber attack June 2017 Reputation risk management / Crisis management / Cyber and data privacy communications
2 Background
3Source: The Economist - 2015, 2016 • The world’s no. 1 shipping company by volume • But global shipping industry in crisis due to weak economic growth, overcapacity, localisation, shift to mail, etc • Declining profitability, pressure to consolidate and/or refocus • Maersk seen as strong in shipping, terminals and logistics; weaker in oil exploration and drilling • Pressure on Maersk to separate, spin-off or sell oil businesses • Maersk Line starting to focus on digitisation to improve efficiencies and cut costs AP Moller-Maersk – early 2017
4Source: AP Moller-Maersk Annual Report 2016 AP Moller-Maersk – financials (FY 2016)
5Sources: Brand Finance, 2018 AP Moller-Maersk – brand value (2017)
6Sources: Reputation Institute, 2016 AP Moller-Maersk – corporate reputation (2016)
7 Incident
Maersk cyber attack – overview 8 • Maersk infected via Ukrainian tax return vendor MeDoc • Collateral damage from geo-political attack on Ukraine government, infrastructure and financial system • Full propagation of virus across whole company IT network within 7 minutes • Affected all core business units • 49,000 laptops destroyed, 1,200 apps instantly inaccessible and 1,000 destroyed, incl. the company’s central booking website Maerskline.com • Required immediate (within 2 hours) disconnection of global network • Reverted to manual systems, resulting in 20% reduction in trading volumes • Online bookings mostly resumed after 8 days • 10 days to rebuild 4,000 servers and 45,000 PCs, and restore 2,500 applications • Full IT network restored after four weeks
Maersk cyber attack – day one timeline 9 June 27 (GMT+1) • 04.00 - Ransomware attack on Ukrainian banks, power companies etc • 11.30 - Ukraine Central Bank confirms attack on IT systems • 13.21 - Maersk publicly confirms IT systems are down • 14.02 - Symantec confirms use of Petya ransomware for attacks • 16.12 - Kapersky says NotPetya wiper destroys data, affects ~2,000 organisations • 18.15 – German email provider Posteo confirms it blocked ransom email address • 19.46 - Ukraine police confirm MeDoc is infected by NotPetya • 21.03 - MeDoc denies responsibility for attacks
Maersk cyber attack – communications 10 • Opted for transparent communications – Regular public updates via website, Twitter – Media relations and customer communications via Whatsapp, personal email – Constant internal communications across the world – Consistent messaging across all channels and to all audiences – All communications were fact-based as opposed to misleading speculative • Led from the top – CEO and senior leadership involved in communications response from the outse – CTIO assumed control of crisis team after four days • Apologised upfront – And then focused on the fixing the hole and getting back to business as usual
11
12
13
14 Impact
Immediate financial impact 15
Six-month business and reputational impact 16 • Revenue (FY 2017): 30.9 bn (35.5 bn) • Operating profit/loss: -USD 1.2 bn (-1.9 bn) • Underlying profit: USD 356 m (711 m) • Market cap (after 1 year): -27% • Cyberattack costs: USD 300-350m • Global damages (est): USD 10bn+ • Brand value: +43% Sources: AP Moller Maersk Annual Report 2017; Reputation Institute, March 2019; Brand Finance, Feb 2019
17 Strong relative share price performance
18 2018 share price collapse
19 Lessons & Implications
Maersk cyber attack lessons – 1 20 • High quality response is essential – Maersk moved quickly and decisively – Top management involved from the outset – Transparency and openness cushioned Maersk from regulators, suppliers, employees, media, etc • Ad hoc, flexible approach to crisis management can work – Incl. business continuity, incident/crisis management, leadership and other communications – So long as the incident/crisis team is experienced, methodical, objective, proactive, and decisive
Maersk cyber attack lessons – 2 21 • Total prevention is impossible – Every organisation is exposed to cyber attacks and data breaches – No organisation is exempt from nation state attacks, which tend to be more damaging than other attacks • Historic reputation counts – Maersk’s reputation as a strong, successful industry leader helped it weather the storm • Financial impact of cyber attacks is mostly fairly limited – Goodwill often exists due to volume and nature
Maersk cyber attack lessons – 3 22 • Learn from the incident – At all levels of the organisation – Be seen to be listening and learning from all relevant audiences on an ongoing basis – Document actions and impact carefully during and after the incident, collate and examine thoroughly, and implement the learnings
Implications for Maersk 23 • Stronger, more comprehensive cyber protection – Need for automated cyber detection and response – Business continuity and crisis plans must be comprehensive (as opposed to asset-based), global and up-to-date – Keep business continuity and service resumption plans separate – Need for regular cyber awareness updates and incident training – Cyber insurance protection can help reduce incident costs • Allow for ad hoc response – Permit and be prepared to use non-official communications channels during an incident/crisis when necessary
24 FURTHER INFO +44 20 3856 3599 cp@charliepownall.com linkedin.com/in/charliepownall charliepownall.com

Recommended

NotPetya Presentation
NotPetya PresentationNotPetya Presentation
NotPetya PresentationKimme Buranasombati
 
Full report final for NotPetya
Full report final for NotPetyaFull report final for NotPetya
Full report final for NotPetyaKimme Buranasombati
 
NotPetya Report
NotPetya ReportNotPetya Report
NotPetya ReportBilly Woody
 
USPS CISO Academy - Vulnerability Management
USPS CISO Academy - Vulnerability ManagementUSPS CISO Academy - Vulnerability Management
USPS CISO Academy - Vulnerability ManagementJim Piechocki
 
Patch Management Best Practices 2019
Patch Management Best Practices 2019Patch Management Best Practices 2019
Patch Management Best Practices 2019Ivanti
 
Vulnerability Management Program
Vulnerability Management ProgramVulnerability Management Program
Vulnerability Management ProgramDennis Chaupis
 
Adversary Emulation Workshop
Adversary Emulation WorkshopAdversary Emulation Workshop
Adversary Emulation Workshopprithaaash
 
Enterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to BasicsEnterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to BasicsDamon Small
 

Recommended

NotPetya Presentation
NotPetya PresentationNotPetya Presentation
NotPetya PresentationKimme Buranasombati
 
Full report final for NotPetya
Full report final for NotPetyaFull report final for NotPetya
Full report final for NotPetyaKimme Buranasombati
 
NotPetya Report
NotPetya ReportNotPetya Report
NotPetya ReportBilly Woody
 
USPS CISO Academy - Vulnerability Management
USPS CISO Academy - Vulnerability ManagementUSPS CISO Academy - Vulnerability Management
USPS CISO Academy - Vulnerability ManagementJim Piechocki
 
Patch Management Best Practices 2019
Patch Management Best Practices 2019Patch Management Best Practices 2019
Patch Management Best Practices 2019Ivanti
 
Vulnerability Management Program
Vulnerability Management ProgramVulnerability Management Program
Vulnerability Management ProgramDennis Chaupis
 
Adversary Emulation Workshop
Adversary Emulation WorkshopAdversary Emulation Workshop
Adversary Emulation Workshopprithaaash
 
Enterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to BasicsEnterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to BasicsDamon Small
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centersBrencil Kaimba
 
Cybersecurity crisis management a prep guide
Cybersecurity crisis management a prep guideCybersecurity crisis management a prep guide
Cybersecurity crisis management a prep guideJoAnna Cheshire
 
Vulnerability Assessment Presentation
Vulnerability Assessment PresentationVulnerability Assessment Presentation
Vulnerability Assessment PresentationLionel Medina
 
Upgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEMUpgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEMElasticsearch
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
From Cybersecurity to Cyber Resilience
From Cybersecurity to Cyber ResilienceFrom Cybersecurity to Cyber Resilience
From Cybersecurity to Cyber Resilienceaccenture
 
Preparing to recover from a cyber attack
Preparing to recover from a cyber attackPreparing to recover from a cyber attack
Preparing to recover from a cyber attackAllan Cytryn
 
Understanding cyber resilience
Understanding cyber resilienceUnderstanding cyber resilience
Understanding cyber resilienceChristophe Foulon, CISSP
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Sqrrl
 
Secure Design: Threat Modeling
Secure Design: Threat ModelingSecure Design: Threat Modeling
Secure Design: Threat ModelingNarudom Roongsiriwong, CISSP
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You AreKatie Nickels
 
malware analysis
malware analysismalware analysis
malware analysis20CS201AkashR
 
Red Team Framework
Red Team FrameworkRed Team Framework
Red Team Framework👀 Joe Gray
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
Introduction to Cyber Resilience
Introduction to Cyber ResilienceIntroduction to Cyber Resilience
Introduction to Cyber ResiliencePeter Wood
 
Threat Based Risk Assessment
Threat Based Risk AssessmentThreat Based Risk Assessment
Threat Based Risk AssessmentMichael Lines
 
Threat hunting and achieving security maturity
Threat hunting and achieving security maturityThreat hunting and achieving security maturity
Threat hunting and achieving security maturityDNIF
 
Patch and Vulnerability Management
Patch and Vulnerability ManagementPatch and Vulnerability Management
Patch and Vulnerability ManagementMarcelo Martins
 
Business continuity & disaster recovery planning (BCP & DRP)
Business continuity & disaster recovery planning (BCP & DRP)Business continuity & disaster recovery planning (BCP & DRP)
Business continuity & disaster recovery planning (BCP & DRP)Narudom Roongsiriwong, CISSP
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
Cyber Crisis Management - Technology Risk Management Forum
Cyber Crisis Management - Technology Risk Management ForumCyber Crisis Management - Technology Risk Management Forum
Cyber Crisis Management - Technology Risk Management Forumjellegroenendaal
 
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19Citrin Cooperman
 

More Related Content

What's hot

Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centersBrencil Kaimba
 
Cybersecurity crisis management a prep guide
Cybersecurity crisis management a prep guideCybersecurity crisis management a prep guide
Cybersecurity crisis management a prep guideJoAnna Cheshire
 
Vulnerability Assessment Presentation
Vulnerability Assessment PresentationVulnerability Assessment Presentation
Vulnerability Assessment PresentationLionel Medina
 
Upgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEMUpgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEMElasticsearch
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
From Cybersecurity to Cyber Resilience
From Cybersecurity to Cyber ResilienceFrom Cybersecurity to Cyber Resilience
From Cybersecurity to Cyber Resilienceaccenture
 
Preparing to recover from a cyber attack
Preparing to recover from a cyber attackPreparing to recover from a cyber attack
Preparing to recover from a cyber attackAllan Cytryn
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Sqrrl
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You AreKatie Nickels
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
Introduction to Cyber Resilience
Introduction to Cyber ResilienceIntroduction to Cyber Resilience
Introduction to Cyber ResiliencePeter Wood
 
Threat Based Risk Assessment
Threat Based Risk AssessmentThreat Based Risk Assessment
Threat Based Risk AssessmentMichael Lines
 
Threat hunting and achieving security maturity
Threat hunting and achieving security maturityThreat hunting and achieving security maturity
Threat hunting and achieving security maturityDNIF
 
Patch and Vulnerability Management
Patch and Vulnerability ManagementPatch and Vulnerability Management
Patch and Vulnerability ManagementMarcelo Martins
 
Business continuity & disaster recovery planning (BCP & DRP)
Business continuity & disaster recovery planning (BCP & DRP)Business continuity & disaster recovery planning (BCP & DRP)
Business continuity & disaster recovery planning (BCP & DRP)Narudom Roongsiriwong, CISSP
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 

What's hot (20)

Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centers
 
Cybersecurity crisis management a prep guide
Cybersecurity crisis management a prep guideCybersecurity crisis management a prep guide
Cybersecurity crisis management a prep guide
 
Vulnerability Assessment Presentation
Vulnerability Assessment PresentationVulnerability Assessment Presentation
Vulnerability Assessment Presentation
 
Upgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEMUpgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEM
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
 
From Cybersecurity to Cyber Resilience
From Cybersecurity to Cyber ResilienceFrom Cybersecurity to Cyber Resilience
From Cybersecurity to Cyber Resilience
 
Preparing to recover from a cyber attack
Preparing to recover from a cyber attackPreparing to recover from a cyber attack
Preparing to recover from a cyber attack
 
Understanding cyber resilience
Understanding cyber resilienceUnderstanding cyber resilience
Understanding cyber resilience
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
 
Secure Design: Threat Modeling
Secure Design: Threat ModelingSecure Design: Threat Modeling
Secure Design: Threat Modeling
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You Are
 
malware analysis
malware analysismalware analysis
malware analysis
 
Red Team Framework
Red Team FrameworkRed Team Framework
Red Team Framework
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
 
Introduction to Cyber Resilience
Introduction to Cyber ResilienceIntroduction to Cyber Resilience
Introduction to Cyber Resilience
 
Threat Based Risk Assessment
Threat Based Risk AssessmentThreat Based Risk Assessment
Threat Based Risk Assessment
 
Threat hunting and achieving security maturity
Threat hunting and achieving security maturityThreat hunting and achieving security maturity
Threat hunting and achieving security maturity
 
Patch and Vulnerability Management
Patch and Vulnerability ManagementPatch and Vulnerability Management
Patch and Vulnerability Management
 
Business continuity & disaster recovery planning (BCP & DRP)
Business continuity & disaster recovery planning (BCP & DRP)Business continuity & disaster recovery planning (BCP & DRP)
Business continuity & disaster recovery planning (BCP & DRP)
 
Security risk management
Security risk managementSecurity risk management
Security risk management
 

Similar to Maersk Notpetya Crisis Response Case Study

Cyber Crisis Management - Technology Risk Management Forum
Cyber Crisis Management - Technology Risk Management ForumCyber Crisis Management - Technology Risk Management Forum
Cyber Crisis Management - Technology Risk Management Forumjellegroenendaal
 
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19Citrin Cooperman
 
Making Sense of Threat Reports
Making Sense of Threat ReportsMaking Sense of Threat Reports
Making Sense of Threat ReportsDLT Solutions
 
The Moroccan Experiences with the OECD Review Process, Aziz AJBILOU
The Moroccan Experiences with the OECD Review Process, Aziz AJBILOUThe Moroccan Experiences with the OECD Review Process, Aziz AJBILOU
The Moroccan Experiences with the OECD Review Process, Aziz AJBILOUGlobal Risk Forum GRFDavos
 
Crisis Communications
Crisis CommunicationsCrisis Communications
Crisis CommunicationsMWWPR
 
YUDU - Managing a Breach (LDSC Cyber Themed Evening)
YUDU - Managing a Breach (LDSC Cyber Themed Evening)YUDU - Managing a Breach (LDSC Cyber Themed Evening)
YUDU - Managing a Breach (LDSC Cyber Themed Evening)Tom Lejava
 
Cybersecurity During the COVID Era
Cybersecurity During the COVID EraCybersecurity During the COVID Era
Cybersecurity During the COVID EraCitrin Cooperman
 
Maritime Cyber Security Education
Maritime Cyber Security EducationMaritime Cyber Security Education
Maritime Cyber Security EducationValentin Bañaco
 
Infosecurity magazine webinar v2
Infosecurity magazine webinar v2Infosecurity magazine webinar v2
Infosecurity magazine webinar v2Mark Skilton
 
Final national cyber security strategy november 2014
Final national cyber security strategy november 2014Final national cyber security strategy november 2014
Final national cyber security strategy november 2014vikawotar
 
1973-16 Tackling the challenges of cyber security_19_03_15
1973-16 Tackling the challenges of cyber security_19_03_151973-16 Tackling the challenges of cyber security_19_03_15
1973-16 Tackling the challenges of cyber security_19_03_15shed59
 
Managing Security Risks in Manufacturing
Managing Security Risks in ManufacturingManaging Security Risks in Manufacturing
Managing Security Risks in ManufacturingWilliam McBorrough
 
How to handle data breach incidents under GDPR
How to handle data breach incidents under GDPRHow to handle data breach incidents under GDPR
How to handle data breach incidents under GDPRCharlie Pownall
 
Cybersecurity op de bestuurstafel
Cybersecurity op de bestuurstafelCybersecurity op de bestuurstafel
Cybersecurity op de bestuurstafelSURFnet
 
Gramax-Cybersec-Role of Cybersecurity in Maritime A high-risk sector.pdf
Gramax-Cybersec-Role of Cybersecurity in Maritime A high-risk sector.pdfGramax-Cybersec-Role of Cybersecurity in Maritime A high-risk sector.pdf
Gramax-Cybersec-Role of Cybersecurity in Maritime A high-risk sector.pdfGramax Cybersec
 
DFS22_Main Stage_David Cox_Mastercard_041022
DFS22_Main Stage_David Cox_Mastercard_041022DFS22_Main Stage_David Cox_Mastercard_041022
DFS22_Main Stage_David Cox_Mastercard_041022FinTech Belgium
 
Will the next systemic crisis be cyber?
Will the next systemic crisis be cyber?Will the next systemic crisis be cyber?
Will the next systemic crisis be cyber?Arrow Institute
 

Similar to Maersk Notpetya Crisis Response Case Study (20)

Cyber Crisis Management - Technology Risk Management Forum
Cyber Crisis Management - Technology Risk Management ForumCyber Crisis Management - Technology Risk Management Forum
Cyber Crisis Management - Technology Risk Management Forum
 
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19
 
Making Sense of Threat Reports
Making Sense of Threat ReportsMaking Sense of Threat Reports
Making Sense of Threat Reports
 
The Moroccan Experiences with the OECD Review Process, Aziz AJBILOU
The Moroccan Experiences with the OECD Review Process, Aziz AJBILOUThe Moroccan Experiences with the OECD Review Process, Aziz AJBILOU
The Moroccan Experiences with the OECD Review Process, Aziz AJBILOU
 
Crisis Communications
Crisis CommunicationsCrisis Communications
Crisis Communications
 
YUDU - Managing a Breach (LDSC Cyber Themed Evening)
YUDU - Managing a Breach (LDSC Cyber Themed Evening)YUDU - Managing a Breach (LDSC Cyber Themed Evening)
YUDU - Managing a Breach (LDSC Cyber Themed Evening)
 
Maritime Cyber Security-Κυβερνοασφάλεια και Ναυτιλία
Maritime Cyber Security-Κυβερνοασφάλεια και ΝαυτιλίαMaritime Cyber Security-Κυβερνοασφάλεια και Ναυτιλία
Maritime Cyber Security-Κυβερνοασφάλεια και Ναυτιλία
 
Cybersecurity During the COVID Era
Cybersecurity During the COVID EraCybersecurity During the COVID Era
Cybersecurity During the COVID Era
 
Maritime Cyber Security Education
Maritime Cyber Security EducationMaritime Cyber Security Education
Maritime Cyber Security Education
 
Infosecurity magazine webinar v2
Infosecurity magazine webinar v2Infosecurity magazine webinar v2
Infosecurity magazine webinar v2
 
Final national cyber security strategy november 2014
Final national cyber security strategy november 2014Final national cyber security strategy november 2014
Final national cyber security strategy november 2014
 
MASC RMA Cyber presentation by Belton Zeigler
MASC RMA Cyber presentation by Belton ZeiglerMASC RMA Cyber presentation by Belton Zeigler
MASC RMA Cyber presentation by Belton Zeigler
 
1973-16 Tackling the challenges of cyber security_19_03_15
1973-16 Tackling the challenges of cyber security_19_03_151973-16 Tackling the challenges of cyber security_19_03_15
1973-16 Tackling the challenges of cyber security_19_03_15
 
Managing Security Risks in Manufacturing
Managing Security Risks in ManufacturingManaging Security Risks in Manufacturing
Managing Security Risks in Manufacturing
 
How to handle data breach incidents under GDPR
How to handle data breach incidents under GDPRHow to handle data breach incidents under GDPR
How to handle data breach incidents under GDPR
 
Cybersecurity op de bestuurstafel
Cybersecurity op de bestuurstafelCybersecurity op de bestuurstafel
Cybersecurity op de bestuurstafel
 
Gramax-Cybersec-Role of Cybersecurity in Maritime A high-risk sector.pdf
Gramax-Cybersec-Role of Cybersecurity in Maritime A high-risk sector.pdfGramax-Cybersec-Role of Cybersecurity in Maritime A high-risk sector.pdf
Gramax-Cybersec-Role of Cybersecurity in Maritime A high-risk sector.pdf
 
Showreel ICSA Technology Conference
Showreel ICSA Technology ConferenceShowreel ICSA Technology Conference
Showreel ICSA Technology Conference
 
DFS22_Main Stage_David Cox_Mastercard_041022
DFS22_Main Stage_David Cox_Mastercard_041022DFS22_Main Stage_David Cox_Mastercard_041022
DFS22_Main Stage_David Cox_Mastercard_041022
 
Will the next systemic crisis be cyber?
Will the next systemic crisis be cyber?Will the next systemic crisis be cyber?
Will the next systemic crisis be cyber?
 

More from Charlie Pownall

TalkTalk Data Breach Case Study
TalkTalk Data Breach Case StudyTalkTalk Data Breach Case Study
TalkTalk Data Breach Case StudyCharlie Pownall
 
Risky Business: The Whys and Hows of Effective Reputational Risk Management
Risky Business: The Whys and Hows of Effective Reputational Risk ManagementRisky Business: The Whys and Hows of Effective Reputational Risk Management
Risky Business: The Whys and Hows of Effective Reputational Risk ManagementCharlie Pownall
 
GDPR: Data Breach Notification and Communications
GDPR: Data Breach Notification and CommunicationsGDPR: Data Breach Notification and Communications
GDPR: Data Breach Notification and CommunicationsCharlie Pownall
 
Plans Are Useless - Preparing for & Responding to a Crisis in the Digital Age
Plans Are Useless - Preparing for & Responding to a Crisis in the Digital AgePlans Are Useless - Preparing for & Responding to a Crisis in the Digital Age
Plans Are Useless - Preparing for & Responding to a Crisis in the Digital AgeCharlie Pownall
 
Boxing Clever: How to Safeguard your Company's Reputation Online
Boxing Clever: How to Safeguard your Company's Reputation OnlineBoxing Clever: How to Safeguard your Company's Reputation Online
Boxing Clever: How to Safeguard your Company's Reputation OnlineCharlie Pownall
 
Building Trust and a Healthy Reputation from the Get-go
Building Trust and a Healthy Reputation from the Get-goBuilding Trust and a Healthy Reputation from the Get-go
Building Trust and a Healthy Reputation from the Get-goCharlie Pownall
 
An Introduction to The New Crisis Communications
An Introduction to The New Crisis CommunicationsAn Introduction to The New Crisis Communications
An Introduction to The New Crisis CommunicationsCharlie Pownall
 
Managing Online Reputation. How to Protect Your Company on Social Media
Managing Online Reputation. How to Protect Your Company on Social MediaManaging Online Reputation. How to Protect Your Company on Social Media
Managing Online Reputation. How to Protect Your Company on Social MediaCharlie Pownall
 
No Time to Think. How to Respond to Negative Situations Using Social Media
No Time to Think. How to Respond to Negative Situations Using Social MediaNo Time to Think. How to Respond to Negative Situations Using Social Media
No Time to Think. How to Respond to Negative Situations Using Social MediaCharlie Pownall
 
Issues Management In The Digital Age
Issues Management In The Digital AgeIssues Management In The Digital Age
Issues Management In The Digital AgeCharlie Pownall
 
Social Media for Crisis Communications
Social Media for Crisis CommunicationsSocial Media for Crisis Communications
Social Media for Crisis CommunicationsCharlie Pownall
 
Online Community Engagement For Government
Online Community Engagement For GovernmentOnline Community Engagement For Government
Online Community Engagement For GovernmentCharlie Pownall
 
How To Develop Social Media Strategy
How To Develop Social Media StrategyHow To Develop Social Media Strategy
How To Develop Social Media StrategyCharlie Pownall
 
Safeguarding Corporate Reputation In Social Media
Safeguarding Corporate Reputation In Social MediaSafeguarding Corporate Reputation In Social Media
Safeguarding Corporate Reputation In Social MediaCharlie Pownall
 
Top Social Media #Fails in Asia - 2013
Top Social Media #Fails in Asia - 2013Top Social Media #Fails in Asia - 2013
Top Social Media #Fails in Asia - 2013Charlie Pownall
 
Social Media for Thought Leadership
Social Media for Thought LeadershipSocial Media for Thought Leadership
Social Media for Thought LeadershipCharlie Pownall
 
How to Minimise Social Media Marketing Risks
How to Minimise Social Media Marketing RisksHow to Minimise Social Media Marketing Risks
How to Minimise Social Media Marketing RisksCharlie Pownall
 
Digital Influence: Communications Nirvana?
Digital Influence: Communications Nirvana?Digital Influence: Communications Nirvana?
Digital Influence: Communications Nirvana?Charlie Pownall
 
Social Engagement. 15 Tips From The Trenches
Social Engagement. 15 Tips From The TrenchesSocial Engagement. 15 Tips From The Trenches
Social Engagement. 15 Tips From The TrenchesCharlie Pownall
 

More from Charlie Pownall (20)

Transparent AI
Transparent AITransparent AI
Transparent AI
 
TalkTalk Data Breach Case Study
TalkTalk Data Breach Case StudyTalkTalk Data Breach Case Study
TalkTalk Data Breach Case Study
 
Risky Business: The Whys and Hows of Effective Reputational Risk Management
Risky Business: The Whys and Hows of Effective Reputational Risk ManagementRisky Business: The Whys and Hows of Effective Reputational Risk Management
Risky Business: The Whys and Hows of Effective Reputational Risk Management
 
GDPR: Data Breach Notification and Communications
GDPR: Data Breach Notification and CommunicationsGDPR: Data Breach Notification and Communications
GDPR: Data Breach Notification and Communications
 
Plans Are Useless - Preparing for & Responding to a Crisis in the Digital Age
Plans Are Useless - Preparing for & Responding to a Crisis in the Digital AgePlans Are Useless - Preparing for & Responding to a Crisis in the Digital Age
Plans Are Useless - Preparing for & Responding to a Crisis in the Digital Age
 
Boxing Clever: How to Safeguard your Company's Reputation Online
Boxing Clever: How to Safeguard your Company's Reputation OnlineBoxing Clever: How to Safeguard your Company's Reputation Online
Boxing Clever: How to Safeguard your Company's Reputation Online
 
Building Trust and a Healthy Reputation from the Get-go
Building Trust and a Healthy Reputation from the Get-goBuilding Trust and a Healthy Reputation from the Get-go
Building Trust and a Healthy Reputation from the Get-go
 
An Introduction to The New Crisis Communications
An Introduction to The New Crisis CommunicationsAn Introduction to The New Crisis Communications
An Introduction to The New Crisis Communications
 
Managing Online Reputation. How to Protect Your Company on Social Media
Managing Online Reputation. How to Protect Your Company on Social MediaManaging Online Reputation. How to Protect Your Company on Social Media
Managing Online Reputation. How to Protect Your Company on Social Media
 
No Time to Think. How to Respond to Negative Situations Using Social Media
No Time to Think. How to Respond to Negative Situations Using Social MediaNo Time to Think. How to Respond to Negative Situations Using Social Media
No Time to Think. How to Respond to Negative Situations Using Social Media
 
Issues Management In The Digital Age
Issues Management In The Digital AgeIssues Management In The Digital Age
Issues Management In The Digital Age
 
Social Media for Crisis Communications
Social Media for Crisis CommunicationsSocial Media for Crisis Communications
Social Media for Crisis Communications
 
Online Community Engagement For Government
Online Community Engagement For GovernmentOnline Community Engagement For Government
Online Community Engagement For Government
 
How To Develop Social Media Strategy
How To Develop Social Media StrategyHow To Develop Social Media Strategy
How To Develop Social Media Strategy
 
Safeguarding Corporate Reputation In Social Media
Safeguarding Corporate Reputation In Social MediaSafeguarding Corporate Reputation In Social Media
Safeguarding Corporate Reputation In Social Media
 
Top Social Media #Fails in Asia - 2013
Top Social Media #Fails in Asia - 2013Top Social Media #Fails in Asia - 2013
Top Social Media #Fails in Asia - 2013
 
Social Media for Thought Leadership
Social Media for Thought LeadershipSocial Media for Thought Leadership
Social Media for Thought Leadership
 
How to Minimise Social Media Marketing Risks
How to Minimise Social Media Marketing RisksHow to Minimise Social Media Marketing Risks
How to Minimise Social Media Marketing Risks
 
Digital Influence: Communications Nirvana?
Digital Influence: Communications Nirvana?Digital Influence: Communications Nirvana?
Digital Influence: Communications Nirvana?
 
Social Engagement. 15 Tips From The Trenches
Social Engagement. 15 Tips From The TrenchesSocial Engagement. 15 Tips From The Trenches
Social Engagement. 15 Tips From The Trenches
 

Recently uploaded

CALL ON ➥8923113531 🔝Call Girls Charbagh Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Charbagh Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Charbagh Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Charbagh Lucknow best sexual serviceanilsa9823
 
LPC Warehouse Management System For Clients In The Business Sector
LPC Warehouse Management System For Clients In The Business SectorLPC Warehouse Management System For Clients In The Business Sector
LPC Warehouse Management System For Clients In The Business Sectorthomas851723
 
LPC Operations Review PowerPoint | Operations Review
LPC Operations Review PowerPoint | Operations ReviewLPC Operations Review PowerPoint | Operations Review
LPC Operations Review PowerPoint | Operations Reviewthomas851723
 
CEO of Google, Sunder Pichai's biography
CEO of Google, Sunder Pichai's biographyCEO of Google, Sunder Pichai's biography
CEO of Google, Sunder Pichai's biographyHafizMuhammadAbdulla5
 
Day 0- Bootcamp Roadmap for PLC Bootcamp
Day 0- Bootcamp Roadmap for PLC BootcampDay 0- Bootcamp Roadmap for PLC Bootcamp
Day 0- Bootcamp Roadmap for PLC BootcampPLCLeadershipDevelop
 
crisiscommunication-presentation in crisis management.pptx
crisiscommunication-presentation in crisis management.pptxcrisiscommunication-presentation in crisis management.pptx
crisiscommunication-presentation in crisis management.pptxSamahhassan30
 
Fifteenth Finance Commission Presentation
Fifteenth Finance Commission PresentationFifteenth Finance Commission Presentation
Fifteenth Finance Commission Presentationmintusiprd
 
Introduction to LPC - Facility Design And Re-Engineering
Introduction to LPC - Facility Design And Re-EngineeringIntroduction to LPC - Facility Design And Re-Engineering
Introduction to LPC - Facility Design And Re-Engineeringthomas851723
 
VIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With Room
VIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With RoomVIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With Room
VIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With Roomdivyansh0kumar0
 
Board Diversity Initiaive Launch Presentation
Board Diversity Initiaive Launch PresentationBoard Diversity Initiaive Launch Presentation
Board Diversity Initiaive Launch Presentationcraig524401
 
Reflecting, turning experience into insight
Reflecting, turning experience into insightReflecting, turning experience into insight
Reflecting, turning experience into insightWayne Abrahams
 
Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...
Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...
Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...Pooja Nehwal
 
ANIn Gurugram April 2024 |Can Agile and AI work together? by Pramodkumar Shri...
ANIn Gurugram April 2024 |Can Agile and AI work together? by Pramodkumar Shri...ANIn Gurugram April 2024 |Can Agile and AI work together? by Pramodkumar Shri...
ANIn Gurugram April 2024 |Can Agile and AI work together? by Pramodkumar Shri...AgileNetwork
 

Recently uploaded (17)

CALL ON ➥8923113531 🔝Call Girls Charbagh Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Charbagh Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Charbagh Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Charbagh Lucknow best sexual service
 
LPC Warehouse Management System For Clients In The Business Sector
LPC Warehouse Management System For Clients In The Business SectorLPC Warehouse Management System For Clients In The Business Sector
LPC Warehouse Management System For Clients In The Business Sector
 
LPC Operations Review PowerPoint | Operations Review
LPC Operations Review PowerPoint | Operations ReviewLPC Operations Review PowerPoint | Operations Review
LPC Operations Review PowerPoint | Operations Review
 
sauth delhi call girls in Defence Colony🔝 9953056974 🔝 escort Service
sauth delhi call girls in Defence Colony🔝 9953056974 🔝 escort Servicesauth delhi call girls in Defence Colony🔝 9953056974 🔝 escort Service
sauth delhi call girls in Defence Colony🔝 9953056974 🔝 escort Service
 
CEO of Google, Sunder Pichai's biography
CEO of Google, Sunder Pichai's biographyCEO of Google, Sunder Pichai's biography
CEO of Google, Sunder Pichai's biography
 
Day 0- Bootcamp Roadmap for PLC Bootcamp
Day 0- Bootcamp Roadmap for PLC BootcampDay 0- Bootcamp Roadmap for PLC Bootcamp
Day 0- Bootcamp Roadmap for PLC Bootcamp
 
crisiscommunication-presentation in crisis management.pptx
crisiscommunication-presentation in crisis management.pptxcrisiscommunication-presentation in crisis management.pptx
crisiscommunication-presentation in crisis management.pptx
 
Fifteenth Finance Commission Presentation
Fifteenth Finance Commission PresentationFifteenth Finance Commission Presentation
Fifteenth Finance Commission Presentation
 
Rohini Sector 16 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 16 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 16 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 16 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Introduction to LPC - Facility Design And Re-Engineering
Introduction to LPC - Facility Design And Re-EngineeringIntroduction to LPC - Facility Design And Re-Engineering
Introduction to LPC - Facility Design And Re-Engineering
 
VIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With Room
VIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With RoomVIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With Room
VIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With Room
 
Board Diversity Initiaive Launch Presentation
Board Diversity Initiaive Launch PresentationBoard Diversity Initiaive Launch Presentation
Board Diversity Initiaive Launch Presentation
 
Becoming an Inclusive Leader - Bernadette Thompson
Becoming an Inclusive Leader - Bernadette ThompsonBecoming an Inclusive Leader - Bernadette Thompson
Becoming an Inclusive Leader - Bernadette Thompson
 
Reflecting, turning experience into insight
Reflecting, turning experience into insightReflecting, turning experience into insight
Reflecting, turning experience into insight
 
Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...
Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...
Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...
 
ANIn Gurugram April 2024 |Can Agile and AI work together? by Pramodkumar Shri...
ANIn Gurugram April 2024 |Can Agile and AI work together? by Pramodkumar Shri...ANIn Gurugram April 2024 |Can Agile and AI work together? by Pramodkumar Shri...
ANIn Gurugram April 2024 |Can Agile and AI work together? by Pramodkumar Shri...
 
Call Girls Service Tilak Nagar @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
Call Girls Service Tilak Nagar @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICECall Girls Service Tilak Nagar @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
Call Girls Service Tilak Nagar @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
 

Maersk Notpetya Crisis Response Case Study

  • 1. NotPetya cyber attack June 2017 Reputation risk management / Crisis management / Cyber and data privacy communications
  • 3. 3Source: The Economist - 2015, 2016 • The world’s no. 1 shipping company by volume • But global shipping industry in crisis due to weak economic growth, overcapacity, localisation, shift to mail, etc • Declining profitability, pressure to consolidate and/or refocus • Maersk seen as strong in shipping, terminals and logistics; weaker in oil exploration and drilling • Pressure on Maersk to separate, spin-off or sell oil businesses • Maersk Line starting to focus on digitisation to improve efficiencies and cut costs AP Moller-Maersk – early 2017
  • 4. 4Source: AP Moller-Maersk Annual Report 2016 AP Moller-Maersk – financials (FY 2016)
  • 5. 5Sources: Brand Finance, 2018 AP Moller-Maersk – brand value (2017)
  • 6. 6Sources: Reputation Institute, 2016 AP Moller-Maersk – corporate reputation (2016)
  • 8. Maersk cyber attack – overview 8 • Maersk infected via Ukrainian tax return vendor MeDoc • Collateral damage from geo-political attack on Ukraine government, infrastructure and financial system • Full propagation of virus across whole company IT network within 7 minutes • Affected all core business units • 49,000 laptops destroyed, 1,200 apps instantly inaccessible and 1,000 destroyed, incl. the company’s central booking website Maerskline.com • Required immediate (within 2 hours) disconnection of global network • Reverted to manual systems, resulting in 20% reduction in trading volumes • Online bookings mostly resumed after 8 days • 10 days to rebuild 4,000 servers and 45,000 PCs, and restore 2,500 applications • Full IT network restored after four weeks
  • 9. Maersk cyber attack – day one timeline 9 June 27 (GMT+1) • 04.00 - Ransomware attack on Ukrainian banks, power companies etc • 11.30 - Ukraine Central Bank confirms attack on IT systems • 13.21 - Maersk publicly confirms IT systems are down • 14.02 - Symantec confirms use of Petya ransomware for attacks • 16.12 - Kapersky says NotPetya wiper destroys data, affects ~2,000 organisations • 18.15 – German email provider Posteo confirms it blocked ransom email address • 19.46 - Ukraine police confirm MeDoc is infected by NotPetya • 21.03 - MeDoc denies responsibility for attacks
  • 10. Maersk cyber attack – communications 10 • Opted for transparent communications – Regular public updates via website, Twitter – Media relations and customer communications via Whatsapp, personal email – Constant internal communications across the world – Consistent messaging across all channels and to all audiences – All communications were fact-based as opposed to misleading speculative • Led from the top – CEO and senior leadership involved in communications response from the outse – CTIO assumed control of crisis team after four days • Apologised upfront – And then focused on the fixing the hole and getting back to business as usual
  • 11. 11
  • 12. 12
  • 13. 13
  • 16. Six-month business and reputational impact 16 • Revenue (FY 2017): 30.9 bn (35.5 bn) • Operating profit/loss: -USD 1.2 bn (-1.9 bn) • Underlying profit: USD 356 m (711 m) • Market cap (after 1 year): -27% • Cyberattack costs: USD 300-350m • Global damages (est): USD 10bn+ • Brand value: +43% Sources: AP Moller Maersk Annual Report 2017; Reputation Institute, March 2019; Brand Finance, Feb 2019
  • 17. 17 Strong relative share price performance
  • 20. Maersk cyber attack lessons – 1 20 • High quality response is essential – Maersk moved quickly and decisively – Top management involved from the outset – Transparency and openness cushioned Maersk from regulators, suppliers, employees, media, etc • Ad hoc, flexible approach to crisis management can work – Incl. business continuity, incident/crisis management, leadership and other communications – So long as the incident/crisis team is experienced, methodical, objective, proactive, and decisive
  • 21. Maersk cyber attack lessons – 2 21 • Total prevention is impossible – Every organisation is exposed to cyber attacks and data breaches – No organisation is exempt from nation state attacks, which tend to be more damaging than other attacks • Historic reputation counts – Maersk’s reputation as a strong, successful industry leader helped it weather the storm • Financial impact of cyber attacks is mostly fairly limited – Goodwill often exists due to volume and nature
  • 22. Maersk cyber attack lessons – 3 22 • Learn from the incident – At all levels of the organisation – Be seen to be listening and learning from all relevant audiences on an ongoing basis – Document actions and impact carefully during and after the incident, collate and examine thoroughly, and implement the learnings
  • 23. Implications for Maersk 23 • Stronger, more comprehensive cyber protection – Need for automated cyber detection and response – Business continuity and crisis plans must be comprehensive (as opposed to asset-based), global and up-to-date – Keep business continuity and service resumption plans separate – Need for regular cyber awareness updates and incident training – Cyber insurance protection can help reduce incident costs • Allow for ad hoc response – Permit and be prepared to use non-official communications channels during an incident/crisis when necessary
  • 24. 24 FURTHER INFO +44 20 3856 3599 cp@charliepownall.com linkedin.com/in/charliepownall charliepownall.com