World’s fourth largest shipper hit by ransomware attack. Financial pain will likely be felt for months to come


French shipping giant CMA CGM, the world’s fourth largest shipping company, announced it was hit by a ransomware attack on September 28th. The attack reportedly paralyzed much of its global IT infrastructure. Although the company has indicated that operations have not been adversely impacted, as of today the company’s e-commerce website is still not fully operational.



CMA CGM, a private company, will not see the shareholder value losses experienced by Maersk, the world’s largest shipper, during the WannaCry ransomware attack in 2016. That NotPetya attack disrupted Maersk’s operations for 2 weeks, resulted in a 20% reduction in shipping volume during the outage, caused $300m in direct economic damage, and by Cyberhedge’s analysis led to $8.4b in value loss to Maersk shareholders.

But CMA CGM will see a drop in revenues and other adverse financial impacts in the months to come. Contrary to company statements about minimal negative impact on operations and quickly isolating the damage, company operations are always adversely impacted during ransomware attacks. This is why the financial costs are far higher and longer lasting from ransomware than from any other form of cyber-attack.

Shipping companies are increasingly susceptible to damaging operational disruptions like this as a result of years of digital transformation which has resulted in core operations being reliant on digital technology through the merging of OT and IT. CMA CGM joins MSC as high-profile breach victims in 2020. The Maersk story should have been a warning for the industry to redouble investments in security to prevent against and minimize incidents like this one. But the CMA CGM breach is a reminder that large, well-capitalized companies remain vulnerable to attack.

Once operations are fully restored, the company’s C-suite would be wise to look beyond the immediate remediation of this incident and examine its overall cyber posture, key weaknesses, and the investments not just in technology but more importantly in the ‘people, policy and process’ that underpins strong cyber governance.

And CMA CGM’s peers would also be wise to examine this incident and take the opportunity to do some scenario planning around how they would minimize the likelihood of a similar result.

We use cookies to make our website more user-friendly and effective

The Cyberhedge Indices Cookie Policy

What are the Cyberhedge Cyber Governance Indices?

These first ever benchmarks prove good cyber governance matters to shareholder value. They measure stock market performance of companies with good and with bad cyber governance scores. Scores are based on Cyberhedge’s proprietary cyber governance rating methodology. Market performance is tracked by an independent firm. The results show that companies with good cyber governance outperform their peers in US, UK, and EU markets.

Information that we collect

Here you can see and customize the information that we collect about you. To learn more, please read our privacy policy

Continue on website