The ransomware attack on Maersk last June will cost the company an estimated 200-300 million dollars. The question remains whether these ransomware attacks could have been prevented by information security controls implemented under ISO27001. That is difficult to say. The best guess I could make is that implementing the right security controls would probably help to reduce the risks.
The business case for corporate companies to have their information security up to date is clear to me, given the costs of a single ransomware attack which apparently was not aimed at the company in the first place but originated in Ukraine. Depending on the company's size and complexity, in the case of Maersk I am sure that making Maersk secure would cost far less than the loss they have now in terms of production, corrupted networks, PCs and container terminals out of order.
The lesson of Maersk for other companies would be to implement ISO27001 as soon as possible.