The Norwegian Investment Fund, the world’s largest sovereign with over $1 trillion in assets, was the victim of a months-long cyber breach that resulted in a reported $10mn in losses. According to Norges, the breach was the result of a business email compromise.
Looking at this through a cyber-financial lens, a few things to note:
- The story is noteworthy because the victim is the world’s largest sovereign wealth fund, not because of the financial damage done. If the $10 million in losses is accurate, this pales in comparison to a business-disruption type breach like a ransomware attack that can result in hundreds of millions in losses, sometimes billions in losses. In certain cases, such breaches can accelerate the downfall of companies, as happened with FINABLR/Travelex.
- The six week time period from initial breach to discovery is not unusual. According to the Mandiant Security Effectiveness Report 2020, the vast majority of breaches are missed entirely by the affected company, and therefore go unreported:
- Alerts are only generated for 9 percent of attacks: Many organizations have a discrepancy between their expected capabilities and the measured results
- 53 percent of attacks infiltrate unnoticed
On a sector basis, financial services is one of the highest performing sectors on cyber governance, so high profile disclosed breaches are not as common as they are in a poor performing sector such as healthcare. And though the reported financial impact creates no cause for concern for Norges, it should serve as a reminder of the importance of cyber governance, particularly during times of crisis like today. More focus on security could be merited if the breach is a sign of underlying weakness in the fund’s overall cyber posture.