Business disruption at chocolate manufacturer due to global cyber attack


In June 2017, the world's second largest confectionery company was affected by the global ransomware attack called NotPetya which was an untargeted campaign without a specific intended victim. Many of the impacted companies were infected after downloading a routine update for an accounting application tainted by the attackers.

Employees experienced operational difficulties to the extent that the attack caused a 5% drop in sales that quarter.

The company reported overall related costs as being $180 million, with $84 million spent cleaning up the attack, investigating its causes, removing the malware and restoring their systems and operations.

In early 2019, the company filed a legal case against its cyber insurer regarding its claim for damages incurred from the NotPetya attack which was believed would have far-reaching implications for the cyber insurance industry specifically as to the viability of war exclusion clauses.

In November 2022, it was reported that the company and their insurers had reached a settlement but details of the settlement were not disclosed publicly.

Book a consultation

Want to discuss this case? You can purchase a 30 minute conference call with our analysts to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:


  • Cadbury
  • Mondelez International, Inc.

We've done the analysis so you can make the decisions

When purchasing a minimum of 5 Case Studies
$699.99 if buying less than 5.

  • Detailed cause & effect analysis
  • Lessons learnt catalogued
  • Preventive controls extracted
Add to Cart
Heads up! Want to try before you buy? You can download our FREE demo case study here