The attack was reportedly created huge problems to the world’s biggest carrier of seaborne freight which transports about 15 per cent of global trade by containers.  In particular, Maersk’s container ships stood still at sea and its 76 port terminals around the world ground to a halt. The recovery was fast, but within a brief period the organisation suffered financial losses up to USD300m covering, among other things, loss of revenue, IT restoration costs and extraordinary costs related to operations.

All began when an employee in Ukraine responded to an email which featuring the NotPetya Malware. The system affected and therefore operations practically had to be on hold until system’s restoration.

The attack successfully occurred regardless the measures that Maersk had in place for such events. In its Annual Report 2016, the organization had clearly stated the following: “A.P. Moller - Maersk is involved in complex and wide-ranging global services and engaged in increased digitization of its businesses, making it highly dependent on well-functioning IT systems. The risk is managed through close monitoring and enhancements of cyber resilience and focus on business continuity management in the event that IT systems, despite their efforts, are affected”.  

Although the incident was serious, the organization responded rapidly, under the supervision of CEO and top management team. A team of IT experts (including internal and external partners) mobilized to track, identify and remove malware from affected systems in order to put operations back in line, while at the same time, media handling was excellent with instant feedback to Maerks’s stakeholders about the situation.

In particular, the following actions were taken:

  1. Søren Skou, Maersk’s CEO, involved to all crisis calls and meetings in order to provide immediate guidance
  2. Internal and external communications established: Maersk sent out daily updates detailing which ports were open and closed, which booking systems were running and more.
  3. A customer focused response established. Company’s front line personnel instructed to do all actions required for customers’ satisfaction, no matter the cost.

Eight days following the attack, Maersk managed to resume taking online bookings, although some terminals (eg India) had to be handled manually.

In the aftermath of the cyber attack, Maersk seems to have adopted a new approach to cyber security. To further enhance cyber resilience, many immediate and long-term initiatives have been implemented and planned to secure the digital business, strengthen the IT infrastructure platform, enhance IT service continuity and recovery as well as reinforce business continuity plans. Also, cyber insurance has been purchased to mitigate some of the potentially negative financial impact of repeated successful cyber-attacks in the future. While in its Annual Report before the attack, the word ‘Cyber’ was recorded times, in its Annual  Report in the end of 2017, ‘cyber’ can been found 39 times in the document! In addition, cyber risk has been included in the relevant matrix as a significant factor to be assessed.

Lessons Learned

  1. No matter the preparation, there is high possibility for a cyber threat to find the “way in”. Therefore, each organisation should be prepared to respond and recover by building cyber resilience.
  2. Guidance and decisions taken by top management in operational level and media handling are vital to business continuity.
  3. Employees at all levels (low-medium-top) should be aware of possible cyber threats and response plans to mitigate damage.
  4. Response and Recovery plans should be tested and updated frequently in order to include new mitigation actions of the possible cyber threats.
  5. Being proactive is a must; therefore, an investment in organisation’s protection and employees’ awareness is proved to be more affordable than the subsequent financial loss due to cyber attack.


While speaking at the SAFETY4SEA Cyber Masterclass in May 2018, Mr. Apostolos Belokas, Managing Editor, SAFETY4SEA, provided lessons learned from recent cyber incidents and addressed future challenges.

You may view his video presentation by clicking herebelow