Two major corporations have recently disclosed significant financial burdens resulting from ransomware and other cybersecurity incidents. The details are provided in new regulatory filings that were recently released to the public.
Cleaning product manufacturer Clorox experienced a significant operational disruption when it fell victim to an attack that was discovered on August 14, forcing the company to resort to manual order processing. Although the breach was never officially confirmed as a ransomware attack, Clorox revealed that certain systems had been taken offline to contain the incident, a response consistent with addressing such a type of cyber breach. According to a recent SEC filing, the expenses associated with this incident totaled $49 million in the six months leading up to December 31, 2023. The costs entailed third-party consulting services, including IT recovery and forensic experts, as well as other professional services aimed at investigating and remediating the attack. Additionally, the company incurred incremental operating costs resulting from the disruption to its business operations. Despite the significant costs incurred, the company did not recognize any insurance proceeds related to the cyber-attack during that period. They also mentioned that the timing of recognizing any potential insurance recoveries may differ from the timing of recognizing the associated expenses. The company did however, express its hope that the expenses related to the cyber-attack would decrease in future periods.
In a separate but related announcement, the buildings management conglomerate Johnson Controls reported losses in connection with a confirmed ransomware attack that took place in September. The company disclosed that it had accrued $27 million in related expenses during the final quarter of 2023. Furthermore, it is anticipated that additional costs will be incurred as the company continues to recover from the ransomware incident. These additional expenses primarily cover third-party expenditures, including IT recovery and forensic experts, and other professional services aimed at the investigation and remediation of the incident, as well as incremental operating costs resulting from the disruption experienced by the company’s operations. Johnson Controls also mentioned that the breach affected its billing systems, impacting cash flow, although the impact on net income was expected to be less significant. The company stated its intention to seek reimbursement for a significant portion of these direct costs through its insurance coverage.
The financial disclosures from Clorox and Johnson Controls serve as a stark reminder of the substantial impact that cyber-attacks and ransomware incidents can have on businesses. The substantial expenses incurred for incident response, recovery, and remediation highlight the need for organizations to invest in robust cybersecurity measures in order to mitigate the risk of such attacks and protect their financial stability. As these two prominent companies continue to grapple with the aftermath of these incidents, it is evident that the financial implications of cybersecurity breaches are a growing concern for businesses of all sizes and industries. This case underscores the importance of proactive cybersecurity measures to safeguard against potentially devastating financial losses resulting from cyber-attacks. As the threat landscape continues to evolve, organizations must remain vigilant and prioritize cybersecurity to protect their assets, preserve their operations, and safeguard their financial health.
English 
Albanian 
Serbian 
Croatian 