Welcome everyone here in Oslo, and welcome also to all of you following us on the webcast. It's been a week since Hydro was hit by a sophisticated cyber attack, an attack that has affected the entire global organization. We did report the matter to the National Criminal Investigation Service, which is cooperating with relevant international counterparts. This update will be an update on the operational and financial impact for Hydro. It will be given by Chief Financial Officer Eivind Kallevik, and also with me, I have the Executive Vice President for the Extruded Solutions business area, Egil Hogna. After that, short intro, we will have a chance for a questions and answer session, and there will also be a chance for people to ask a question on the webcast.
First, I'll give the word to you, Eivind.
Thank you, Inga. Dear everyone, on site here in Oslo, and also to you following us on the webcast. A week has now passed since we were hit by a sophisticated cyber attack, posing a very serious threat to our global operations. A week later, we are relieved to be able to confirm that we are mostly managed to maintain our operations, customer deliveries, and other internal and external obligations. With some exceptions within the business area of Extruded Solutions, and in particular within the business unit, which is called Building Systems, which we will revert to shortly. Our global IT organizations, operators, and support functions have done a tremendous job in this period. Through their impressive determination, ingenuity, and experience, found new and alternative ways to keep our wheels turning despite the sudden impact of our IT capabilities.
We can only be extremely impressed and thankful to the collective efforts by our 35,000 strong organization, spread across 40 countries and more than 160 production sites. Faced with this serious threat, we have all been pulling together in the same direction to safeguard and to protect our company, our customers, suppliers, partners, and everyone else that depend on us going on as a company. As the attack hit us last Tuesday, we quickly contained the further spread of the infection through isolation of the plants and shutting down servers all across the company. We then moved over to the next stage, which was to find a cure, which would enable us to get rid of the virus and reinstalling and starting the recovery process in a safe and secure manner.
We have now reached this critical recovery phase, which we still expect to last several weeks or longer before also all of our tens of thousands of servers, computers, and systems are back up and running. In the interim, we are utilizing several available workarounds and alternative solutions to maintain and increase production for as long as it takes to reach full recovery. On the operations, Bauxite & Alumina, Energy, Primary Metal, and Rolled Products are producing as normal, as we have communicated before. However, it is important to note that this is done and does require considerable efforts in terms of alternative ways of working, workarounds in the systems, and some manual procedures, in particular within the Primary Metal and Rolled Products business areas.
As has also been previously communicated, our Extruded Solutions business area were hit the hardest by this cyber attack. They've made an enormous effort to secure and ramp up production in three of the business units in this area. Extruded Europe, Extruded North America, as well as Precision Tubing. Here, the overall production is now roughly 70% to 80% of full capacity, based on extensive use of workarounds and other interim solutions. The last business unit in Extruded Solutions, which is called Building Systems, have been hit the hardest within our system, and it's been the most difficult place to find effective workarounds. This has clearly been a very challenging situation. We have now or are in the process of installing new workarounds in this system.
We have started up some plants during today. This ramp-up will continue during the rest of the week and next week. If we look to financial implications, I know there's been a lot of interest and questions around this topic following the cyber attack. It is still early days, therefore very difficult to give a very precise number. From an overall perspective, we have made some estimates. The current estimate is that for the first full week of this cyber attack, the financial impact is roughly NOK 350 million. As we have touched upon, Extruded Solutions is the business area where we have been hardest hit. For the first week, they've been running at roughly 50% of capacity so far.
Been some deviations within the different business units in Extruded Solutions with Building Systems being hit the hardest. Based on the high level estimates, the preliminary financial estimate is in the range of NOK 300 million-NOK 350 million, with the majority of this stemming from margins and volume lost within Extruded Solutions. On top of that, we have included the first week estimate crisis management costs and some minor impacts within Rolled Products. Since the impact within Bauxite & Alumina, Energy, and Primary Metal has been very limited, no cost implications have been included in this number. If we look ahead, it is clear that there will also be a financial impact over the weeks to come, although this is expected to reduce gradually as we continue to ramp up production and production capacities within Extruded Solutions.
Again, let me just remind you that these are high-level estimates and may and will differ from the final figures. Also important to know that they do exclude any recovery of the lost business that we've had for the last few days or for the last week, and also excludes any customer implications that this will have. Also important to note that we do hold a cyber insurance policy within the company with AIG as the primary insurance carrier or the lead carrier for that insurance premium. With that, let me give the word to Egil Hogna, the executive vice president for Extruded Solutions, who will give you some more comments on the business area.
Thank you, Eivind. Should I swap to the-
Sure.
My name is Egil Hogna. I'm responsible for Extruded Solutions. As Eivind just referred to, my business area has been the worst hit by the cyberattack. At three of our business units, we are now back to 70% to 80% of production. While.
Okay, we need a new...
We need a new system.
Okay. Sorry about that.
No.
Okay.
I'm sure this looks very clever on television. I gotta take off my jacket.
Go ahead.
Okay. Okay.
Okay, we'll try again.
Sound okay now?
Yeah.
Okay. We try again.
Yeah. Okay.
Okay. I go again. My name's Egil Hogna. I'm responsible for Extruded Solutions, the business area of Hydro the worst hit by the cyberattack. As Eivind was saying, 3 out of my 4 business units are now back at 70% to 80% of production, while Building Systems is just in the process now of restarting based on workarounds. Yesterday, I visited one of our plants in Magnor in the eastern parts of Norway. That gave me a firsthand insight into what our colleagues are doing in order to be able to produce under these very challenging circumstances.
While we normally are quite a digitalized company, today we are reestablishing what used to be electronic archives with print archives in combination with limited system access to our most critical production systems. For example, a plant like Magnor is now run with less than 10 computers and a lot of extra manual work. People have been doing a tremendous effort. We have people who normally works in sales who are now helping out in production. We have some people who retired some time ago coming back supporting their workplace. I was very impressed to hear that yesterday they actually had a production record at one of the shifts. Some people were joking, saying that, you know, maybe we can do better without those IT systems.
To me, it's just an example of how our people come together when there is a crisis, with a tremendous effort to make sure our customers get their products as much on time as possible. Magnor, as a specific example, is now working on cleaning up the backlog as a consequence of the stoppages last week. In Building Systems, the situation is more challenging because that business unit has a very high number of customers, a very large product assortment with many different product variants.
As a consequence, they are more dependent on IT than other parts of the business. It takes longer time to establish the workarounds which are necessary in order to get the right profiles produced, in order to get also the right product variants out of our warehouses and putting them into kits and packages, and we deliver them to the customers. We have seen quite a bit of progress today, but we are starting from a low level. I hope that towards the end of this week, that we will get a reasonable level of production and shipments also from that business unit.
Thank you very much, Egil. Thank you, Eivind. We will open for questions, from the audience here in Oslo, and there will be a microphone passed around. Here it is. Any questions? Please introduce yourselves.
TT News Agency, Stockholm. Joakim Goksör. I wonder, the cost going forward, you said it would gradually decrease. What would the final rough estimate be for the total cost, do you think?
This would very much depend on the speed that we're able to get back to full operations. Clearly the impact was larger in the beginning of last week, on Tuesday, and we have seen the daily numbers come down during that week. Importantly now for to get extruded back up to close to 100% and get Building Systems closer to full capacity, and then it will shrink quite significantly as we go forward.
Okay, there is a question, yes.
Isabelle Bach, NTB, Norwegian News Agency. Do you know if there's any information that has been lost because of data attack? Can you say more about, do you know more, who's behind it?
When it comes to any potential data loss, we are in dialogue with the Norwegian Data Protection Authority in Norway. It is clearly a situation that we take very seriously, and we continue to look into this. It's something we're also taking all necessary precautionary steps internally to protect for any data loss, if there are any.
Reuters. On your insurance, how much do you expect insurance to compensate? What is the nature of your insurance? Is it an open-ended or there is a cap on how much you can get? Thank you.
The insurance does have a cap, or a ceiling on it, if you like. It is a cyber related insurance policy, which we signed up some years ago, which we're very happy that we have in place. It's in place and led by AIG, and it consists of several or all reputable strong insurance companies. As to the cap, that is something that for many reasons we cannot disclose externally at this stage.
Of course, I understand. Could you just tell us, do you expect that cap to cover all your losses or just a part of it? Thank you.
Of course, since we don't have the complete loss yet, because that very much would depend on the timing for any restart, it is something that we will come back to when we are back in full and solid operations.
Okay. Over there.
Anders Kalve, E24. 2 other manufacturing companies have been hit by the LockBit virus, Hexion and Momentive. Have you been in contact with them?
To my knowledge, we have not been in contact with them. Our primary focus is to restore full and normal and safe operations within our company, clean up the PCs and get the backup solutions and the recovery of our systems well installed.
Do you know if the virus infected your industrial control systems?
This is part of the ongoing research that we're doing. That is something that we are working on. Obviously, also, together with other external stakeholders to find exactly where it is. So far it's mostly on servers and operation or non-OT systems.
The industrial systems were closed, just to be sure?
Many of the OT systems have been working full out during this period.
The ransom, in all the cases it's been done in Bitcoin. Was the ransom demand here made in Bitcoin?
The ransom note is not something that we followed up at all. Our primary concern and primary target is to get operations back fully, clean our systems, use the backup systems that we do have to get operations back in a safe and sound manner.
Are anyone else following the ransom notes?
Sorry?
Are anyone else following it up?
We're not following that up.
Any other questions from the audience? Otherwise, Anders, if you could... there are some questions here from the webcast from that Diane will ask for us.
Question from Aline Gabriel, Morgan Stanley. Can you say anything about the pace of rebuilding infrastructure per day? Do some divisions have IT infrastructure that is harder to rebuild?
What we see, and we've seen several cases on, is that the first rebuild takes a bit of time. Then as we learn the process and can rewrite scripts, things are progressing and goes faster and faster in the second round and the third round. This we have seen throughout the company.
Also from Mino, why is Building Systems so badly hit?
Like I mentioned previously, Building Systems has a high number of customers, many different product variants, and a larger degree of customization of products than the other business unit. That makes it more IT dependent, and it takes longer then, due to the higher degree of complexity, to find good workarounds.
Couple of questions from Cedar Ekblom, Bank of America Merrill Lynch. Can you please talk about the process going forward to cover costs incurred via insurance? How long could this process take before Hydro secures compensation?
This will be a dialogue with the insurance companies. They are notified about the case. Based on experience on other insurance cases, is that you typically incur the costs quicker than you get the or close the insurance case. There will be a difference in timing between insurance compensation and cost incurred.
Also from Cedar, what remedial processes are you putting in place to avoid this kind of issue in the future, and what will the cost for this be?
Over the last few years, I think you can also see this if you read our annual report under risk sections, cybersecurity has been high on the risk list for Hydro. We have invested and worked quite extensively with this topic, also over the last couple of years. Obviously, as part of the learning from this experience, is that we will review all the systems and structures we have, and if we have improvements that we need to do, we will do it. It's much too early to draw any conclusions on that.
Okay, another question from NTB. How long do you think it will take for the production to be back to normal?
I think overall, if you look at the business areas today, production in Energy, B&A, Rolled, and Primary are producing as normal, but with additional workaround and manual operations. What we've seen for Extruded Solutions in the last week is that we came out of the first week around 50% of capacity. Three of the business units there are now up to 70%, 80%. We're starting to see the restart of Building Systems during today. That, of course, that will then gain speed in the days and during into next week.
Yeah.
Why was Hydro specifically attacked? What do you think was the reason? Is there any weaknesses in your system that was exposed here or something? Have you thought about this?
We have obviously spent a lot of time thinking about it, but I think it is, it's much too soon to go into any speculations as to motives or who or what is behind this attack. I also ask here for the understanding that this is. We have pressed charges with the police, and the police are currently investigating the case. I ask for respect also from that process, but I cannot go into details.
Okay. Any other questions? Yeah.
Do you know how long, for how long the attackers had access to your computers or servers?
We are currently investigating, the whole process, also doing a cleaning, and restoring. The main focus for us is to clean out the virus, restore the systems we have back, based on the backup solutions we have in place, and get back to full and safe and good operations. That's the primary focus.
Do you have any reason to think it could happen before you were aware of it?
This is part of the evaluations that we're doing. As I said, this has been, we have pressed charges, and the police is investigating this case. I'll be careful going into details, and I ask for understanding and sympathy for that on the case. Thank you.
Okay. Any more questions? We will leave it at that for today, say thank you very much for coming.