Norges breach


The Norwegian Investment Fund, the world’s largest sovereign with over $1 trillion in assets, was the victim of a months-long cyber breach that resulted in a reported $10mn in losses. According to Norges, the breach was the result of a business email compromise.



Looking at this through a cyber-financial lens, a few things to note:

  • The story is noteworthy because the victim is the world’s largest sovereign wealth fund, not because of the financial damage done. If the $10 million in losses is accurate, this pales in comparison to a business-disruption type breach like a ransomware attack that can result in hundreds of millions in losses, sometimes billions in losses. In certain cases, such breaches can accelerate the downfall of companies, as happened with FINABLR/Travelex.
  • The six week time period from initial breach to discovery is not unusual. According to the Mandiant Security Effectiveness Report 2020, the vast majority of breaches are missed entirely by the affected company, and therefore go unreported:
    • Alerts are only generated for 9 percent of attacks: Many organizations have a discrepancy between their expected capabilities and the measured results
    • 53 percent of attacks infiltrate unnoticed

On a sector basis, financial services is one of the highest performing sectors on cyber governance, so high profile disclosed breaches are not as common as they are in a poor performing sector such as healthcare. And though the reported financial impact creates no cause for concern for Norges, it should serve as a reminder of the importance of cyber governance, particularly during times of crisis like today. More focus on security could be merited if the breach is a sign of underlying weakness in the fund’s overall cyber posture.

We use cookies to make our website more user-friendly and effective

The Cyberhedge Indices Cookie Policy

What are the Cyberhedge Cyber Governance Indices?

These first ever benchmarks prove good cyber governance matters to shareholder value. They measure stock market performance of companies with good and with bad cyber governance scores. Scores are based on Cyberhedge’s proprietary cyber governance rating methodology. Market performance is tracked by an independent firm. The results show that companies with good cyber governance outperform their peers in US, UK, and EU markets.

Information that we collect

Here you can see and customize the information that we collect about you. To learn more, please read our privacy policy

Continue on website