Large companies are reluctant to publicly talk about breaches, let alone the financial impact they have
Large companies are reluctant to publicly talk about breaches, let alone the financial impact they have

A company hit by last week's Petya/NotPetya ransomware campaign has already announced losses in the tens of millions. Reckitt Benckiser, an international consumer goods giant, has announced that last week's assault on its network may take a £100 million bite out of the company's revenue.

The Petya/NotPetya attack dealt a major blow to the company's normal operation, hamstringing production and hitting delivery capability in a number of locations.

Brands affected included Nurofen, Dettol and Durex.

While much of the damage has been reversed, the company admitted in a statement, "The attack did disrupt the company's ability to manufacture and distribute products to customers in multiple markets across the RB Group.”

As a result, Reckitt Benckiser could not make certain deliveries by the end of the quarter.  The company added, "Some of our factories are currently still not operating normally but plans are in place to return to full operation."

Due to the proximity of the attack to the end of the quarter, Reckitt Benckiser could calculate that the attack will result in like-for-like sales falling by two percent in the second quarter of 2017.

“It is rare to see that financial impact detailed so soon after an attack and it does bring home the sheer scale of the impact cyber-attacks as whole are having on global plc,” David Navin, corporate security specialist at Smoothwall, told SC Media UK via email. “Reckitt Benckiser is one organisation and is estimating a £100m loss – imagine what that figure reaches if you add in all the attacks that don't reveal monetary impact!”

Many may not have heard the name Reckitt Benckiser before, but they will certainly have heard of, if not bought, its products. The Dutch-British firm employs around 37,000 people in over 60 countries and has made everything from Dettol antiseptic to Durex condoms to Nurofen to Cillit Bang to French's Mustard in its near 200-year lifespan.

In the grand scheme of things this bite out of its revenue may look like just a nibble for a company that listed £9.8 billion in revenue last year.

The company has already said it plans to recover some of that lost revenue going into the third quarter, although the disruption to its factories means some permanent revenue loss.

A number of multinationals have reported a prolonged recovery to the attack. Continuing IT problems have been reported by FedEx customers, and shipping firm Moller Maersk has been forced to reroute ships due to “debilitated IT systems”, The Financial Times reported.

The damage will have been particularly profound in the case of the Petya/NotPetya attacks. Victims eventually became unable to recover their data even if they had paid the ransom as the ransomware did not contain its own installation ID, making it impossible for even its masters to decrypt data.

This admission is a rare moment of candour for a multinational like Reckitt Benckiser. Companies big or small are rarely eager to publicise their breaches.

“While Reckitt Benckiser has spoken openly about the impact of this cyber-attack, many organisations have hidden cyber-attacks out of fear of reputation damage and litigation,” Paul Farrington, manager of EMEA solution architects at Veracode, told SC.

Recent research from Veracode highlighted the impact of such a disclosure, pointing to AOL, which suffered a 23 percent drop in share price one month after a breach in 2014.