HomeResearch & Knowledgeback to HomeCybersecurityback to Research & KnowledgeNorthmen vs. pirates: Norsk Hydro says ‘no’ to hackersback to Cybersecurity

Case Study

Northmen vs. pirates: Norsk Hydro says 'no' to hackers

By Öykü Işık and Lisa Simone Duke

14 pages

May 2026

Order this case study

Reference: IMD-7-2366

In March 2019, Norsk Hydro (a Norwegian aluminum manufacturer and renewable energy company operating across 40 countries) suffered a large-scale ransomware attack that brought its global IT network to a complete standstill. Faced with encrypted systems across 160 sites and a ransom demand payable in bitcoin, the company’s leadership made a crucial choice: refuse to pay, engage with no one, and rebuild from scratch at an estimated cost of $50 million to $70 million. This case examines the decisions Norsk Hydro made in the hours, days and months that followed, from containment and incident response to stakeholder communication and organizational restructuring. It explores the ransomware threat landscape, the economics and ethics of paying or refusing a ransom, the strategic value of transparency in crisis communication, and the governance frameworks available to organizations seeking resilience rather than mere impenetrability. Norsk Hydro’s response, which was anchored in its values of care, courage and collaboration, became an industry benchmark. Markets rewarded its openness; its reputation emerged stronger than before. The case challenges students to move beyond the immediate financial calculus and reflect on the deeper question: What kind of organization do you want to be when the lights go out? Suitable for MBA, EMBA and executive education programs in digital transformation, cybersecurity, and crisis management. Designed for a 90-minute facilitated session.

Learning Objective

Understand the cyberthreat landscape for businesses today as well as what differentiates ransomware from other kinds of cyberattacks, and as the business model behind it.
Analyze the extortion and negotiation element involved in ransomware attacks, such as how threat actors extort sums from their victims.
Understand the role of cyber insurance and cryptocurrencies in cybersecurity.
Understand the role and importance of communication in managing and mitigating the damage caused by a cyberattack.
Recognize best practices in incident response management for businesses.

Keywords

Cybersecurity, Cyberattack, Crisis Management

Settings

World/global, Norway
Norsk Hydro, Manufacturing, Energy, Renewable Energy
2019

Type

Published Sources

Available Languages

English

Related material

Teaching note

IMD case studies are distributed through case clearing houses. In order to browse the collection and purchase copies please visit the links below.

The Case Centre

Cranfield University

Wharley End Beds MK43 0JR, UK
Tel +44 (0)1234 750903
Email [email protected]

Harvard Business School Publishing

60 Harvard Way, Boston MA 02163, USA
Tel (800) 545-7685 Tel (617)-783-7600
Fax (617) 783-7666
Email [email protected]

Asia Pacific Case Center

NUCB Business School

1-3-1 Nishiki Naka
Nagoya Aichi, Japan 460-0003
Tel +81 52 20 38 111
Email [email protected]

IMD retains all proprietary interests in its case studies and notes. Without prior written permission, IMD cases and notes may not be reproduced, used, translated, included in books or other publications, distributed in any form or by any means, stored in a database or in other retrieval systems. For additional copyright information related to case studies, please contact Case Services.

Contact

Research Information & Knowledge Hub for additional information on IMD publications

Keep reading

Case Study

Northmen vs. pirates: Norsk Hydro says ‘no’ to hackers

Cybersecurity

By Öykü Işık and Lisa Simone Duke

Article

In the field with Absa

How can a financial institution turn a cybersecurity challenge into social good?

Cybersecurity Technology Management Social Innovation

By Öykü Işık and Valerie Keller-Birrer

in In the Field

9 January 2026

Article

Cybersecurity is no longer just a technical challenge – it's a leadership one

The World Economic Forum’s Global Cybersecurity Outlook 2024 notes that 91% of business leaders believe a catastrophic cyber event is at least somewhat likely in the next two years. In 2023 alone, the global average cost of a single data breach re...

Cybersecurity Disruption Leadership

By Öykü Işık, Samar Ali and Sami Khoury

in WEF Forum

9 October 2025

Case Study

Absa's Cybersecurity Academy: Combining digital transformation with doing good

Absa faced a critical rise in cyberattacks, and with the cybersecurity talent gap widening, the company urgently needed a long-term solution. To address this, former CISO Sandro Bucchianeri launched the Cybersecurity Academy in 2019, an initiative...

Diversity and Equity and Inclusion Cybersecurity Digital

By Öykü Işık, Valerie Keller-Birrer, Poornima Urs, Barbara Vettorel and Amaru Amiya

Article

Create a company culture that takes cybersecurity seriously

In the U.S. alone, the annual damage from cybercrime has increased by 33%, rising to $16 billion in 2024. The vast majority of these breaches are down to human failure, such as misconfiguration of systems and appliances, mishandling of information...

Cybersecurity

By Fabian Muhly, Jennifer Jordan, Robert B. Cialdini and Gregory P.M. Neidert

in HBR.org

24 June 2025

Article

Does your cybersecurity strategy ensure system availability?

The global IT outage that affected Microsoft in July 2024 was a critical reminder of an often-overlooked aspect of cybersecurity: availability. Use this checklist to test the availability of your systems in the wake of cyber-attack – and read on f...

Technology Management Cybersecurity

By Öykü Işık

in I by IMD Brain Circuits

5 March 2025

Article

Are you reading me? 10 key lessons from the cyber-attack on the British Library

When the British Library fell victim to a major ransomware attack it adopted a policy of full transparency. Here are 10 vital lessons businesses can learn from the incident – especially if they rely on legacy systems.

Cybersecurity

By Öykü Işık

in I by IMD Brain Circuits

30 January 2025

Article

Do you know how to spot phishing attacks?

Last year saw a nearly 60% surge in phishing attacks. While systemic defenses against such threats offer valuable protection, they are not enough. Enhance your resistance to phishing by taking this short quiz.

Cybersecurity

By Öykü Işık

in I by IMD Brain Circuits

23 January 2025

Article

How to win at digital "cops and robbers"

Companies must continually upgrade their AI-driven security measures to counter increasingly sophisticated cybercrime attacks. Implementing the following measures will help you build a secure, future-facing digital environment for your organizatio...

Technology Management Artificial Intelligence Cybersecurity

By Michael D. Watkins and Ralf Weissbeck

in I by IMD Brain Circuits

12 November 2024