“It was eerie to come in and see everything powered down, blank screens. I immediately noticed the quiet, the hum from all the machines was gone, it was just voices,” says Maersk's employee John Ashley. “There was no panic, just an air of intense focus. There was a ‘war room’ and the analysis of what we were facing was underway. Work streams were put in place with leaders, shifts, and key supporting roles such as communication and administration. People just got to work, doing anything to help.”

“This was the worst crisis I think any of us have experienced. We were never alone, so many hands helped in this recovery. From the very first days, we got phone calls from all over Maersk from people who wanted to fly in and help, also from technology partners and other companies. Everyone pitched in,” says Adam Banks, Chief Information Officer, A. P. Moller – Maersk.

When the malware struck on 27 June 2017, the Maersk IT organisation was in the process of centralising control of the Group’s IT estate in Maidenhead. From the security of systems to upgrades and improvements, centralisation will lessen the likelihood of a similar attack happening again. At the same time, it will also enable the company to upgrade and improve (or remove) servers, applications and systems more easily.

The cyber-attack sparked some immediate improvements to security, most of which cannot be shared for security reasons. But the subsequent shutdown and reboot of global systems has helped speed up the process of centralisation and modernisation.

“Cyber-attacks are not going to go away and technology is becoming a more strategic asset in the future of our business,” says Adam Banks. “That means we need to continue what we’ve started and finish building a more secure and reliable infrastructure that can support the growth strategy of this company. We will have more to share about what this will look like and what it will mean for employees and the company when we announce the new IT strategy.”