CSO: SEC Filings Reveal Hidden Ransomware Costs, Losses CSO, the global company that provides news and analysis on security and risk management, reported that the ran- somware scourge reached unprecedented levels in 2021, with ransomware threat actors demanding, and often re- ceiving, ransom payments in the millions of dollars. The world’s largest meat processor, JBS, confirmed in June 2021 that it paid the equivalent of $11 million in ran- som to respond to the criminal hack against its operations. The actual costs of ransomware attacks, including lost revenue, can far eclipse the simple dollar amount of any ransom paid. For most private companies, the costs of ran- somware attacks can be hidden from view, which is one reason why mandatory ransom payment reports for all or- ganizations recently became law. On the other hand, publicly traded companies are obligated to report to the U.S. Securities and Exchange Commission (SEC) any cyber incidents that materially af- fect their operations, including ransomware attacks. Most publicly traded corporations registered with the SEC fulfill this obligation by reporting these attacks on an SEC form called 8-K. (Note: the SEC is developing plans to require all publicly traded firms to report material cybersecurity inci- dents within four days after the registrant determines that it has experienced such an incident.)
CSO’s examination of 8-K filings at the SEC found 30 publicly traded companies that reported a ransomware incident, paid ransomware-related expenses, or received ransomware-related insurance reimbursements during 2020 and 2021. Although most of these filings deemed the ransomware attacks as not material or lacked data to spell out the costs experienced in dealing with the inci- dents, seven contained sufficient cost data to shed light on how high the costs of a ransomware incident can go. Norcross, Georgia based WestRock was hit by a ran- somware attack on January 23, 2021, that disrupted its IT and operational technology systems. The company said that the impact on net sales and segment income from the lost sales and operational disruption during its second quarter of 2021 was $189 million and $80 million, respec- tively. WestRock also said it incurred approximately $20 million of ransomware recovery costs, primarily profes- sional fees. WestRock said it expects to recover the ran- somware losses from cyber and business interruption in- surance in future periods. Visit csoonline.com for more on CSO, serves enter- prise security decision-makers and users with the critical information they need to stay ahead of evolving threats and defend against criminal cyberattacks. With incisive content that addresses all security disciplines from risk management to network defense to fraud and data loss prevention, CSO offers insight to support key decisions and investments for IT security professionals.
We’ve got our customers covered… …with our fiberglass backed, boltless, full double-wide blankets and an extensive inventory of corrugated parts needed by virtually every box plant in the country. The innovator of the original fiberglass-backed knuckle locking anvil cover, Stafford is the industry’s go-to source for everything corrugated. TM
www.go2stafford.com 800-282-5787 IS THE MANUFACTURER OF STAFFORD ANVIL COVERS ®
18
www.boardconvertingnews.com
March 28, 2022
Made with FlippingBook - Online Brochure Maker