Sticking to company values in a cyberattack.
The screens went red and the ransom message appeared. This was a cyber attack on a global supplier of aluminium. 170 sites worldwide. Those who noticed it wore hard hats and worked on the factory floor. The need to keep production going was ingrained. The paper orders could keep them going for a few hours, but it was time to find the manual drawings in lever arch files.
Further up the chain, they had to decide whether to pay. Norsk Hydro took the decision not to negotiate.
Their company values are care, courage and communication. These elements guided their response.
Communication became key. Calling down the chain and using social media they let both internal and external stakeholders know what was happening. The choice to keep it all quiet, or be transparent was made. Open and frequent communication became the principle strategy.
The workforce pulled together. They came out of retirement, took on different roles and adapted. Hydro Magnor in Norway ran on manual mode. Press releases by Norsk show interviews with the workers and describe them as “heroes who stepped up”.
Suppliers who wanted payment were asked to fax payment details, so those who had fax machines got paid first. Salespeople worked on the production floor. Finance people made sandwiches for the teams. Getting the employees on board enabled them to limit the impact. External stakeholders appreciated the openness and daily press briefings.
As part of the communication value, the development of an external website was speeded up to inform the outside world. Journalists were invited in to meet the “cyber heroes”, the workers who had been affected and tell their story.
Where did this leave Norsk Hydro?
The BBC reports this cost £45million to fix. The share price rose as the recovery took place. Head of Cyber at the United Nations tweeted it was amazing to have such a transparent policy. They have received the Norwegian Communication Association Transparency Award. There was appreciation from the external stakeholders that they knew what was going on.
In dealing with COVID, one year after the cyberattack, Norsk has continued to release videos on YouTube, letting customers know what they are doing, and showing interviews with staff members at work. The focus on health and safety and the pride that they are able to continue to provide a service are emphasized, with an approach which feels genuine.
Values are a standard of behaviour, and have a worth. Norsk Hydro shows us what this looks like when these are challenged, and the potential gains from holding on to them.