As technology has become a daily part of our business and personal lives and we are constantly connected, the threat and likelihood of cyber attacks have become increasingly concerning. Everyone, from massive corporations to small startups, is at risk of the devastating impact of a cyber attack. Breaches are often reported in the news, but we rarely, if ever, get an in-depth look at the aftermath: the grueling process and costs of data recovery or data loss. In this blog, we illustrate the harsh reality of data recovery after a cyber attack, covering resource and service disruptions, monetary impact, and the damage inflicted on a company’s brand and reputation. We also look at the recovery processes, investments, and the time required to recover, accompanied by real-life examples of businesses that faced cyber attacks and were fortunate to return from the damage.
Disruption of Services and Resources
Cyber attacks disrupt critical services and resources, affecting day-to-day operations and customer experiences. These disruptions are typically not short; businesses could be looking at weeks to months of disruption.
The temporary halt in business operations can have far-reaching consequences, affecting production, customer service, revenue, vendor payments, payroll, contractual obligations, communications, and supply chains, among other aspects.
This category encompasses the theft or loss of employee, customer, and intellectual property data. Stolen proprietary information may be held for ransom or publicized, giving competitors an edge and impacting a company’s competitive advantage.
The Cost: Financial Losses and Their Ripples
The toll a cyber attack can have on a company’s finances can be astronomical, including extensive direct costs like incident response, system repairs, and regulatory fines, as well as indirect costs like lost business opportunities and customer trust. The direct costs are measurable, extending to millions of dollars. However, businesses should be aware that it is the indirect costs that can create a lasting impact.
Direct Costs Can Include:
- The Response: A team of experts must be assembled quickly to contain, investigate, and assess the damage done by the breach. Detection and containment alone can take days to weeks, during which further damage might occur.
- Restoring Systems: A significant amount of time and resources is exhausted rebuilding compromised systems, networks, and databases. When malicious software is used, it can cause physical damage to infrastructure, leading to additional costs and weeks to months to repair and replace. Rebuilding lost or compromised data can also take weeks or even months, depending on the volume of data and the effectiveness of backups (do you have a sufficient backup and disaster recovery plan in place?).
- Regulatory Fines: Breaches can cause issues with compliance standing. When a business cannot be compliant with data protection regulations, hefty fines can pile onto the already steep financial burden.
Indirect Costs Can Include:
- Revenue Loss: Downtime resulting from the attack can lead to revenue loss, especially for businesses heavily reliant on digital operations.
- Legal Fees: Legal battles and lawsuits can escalate costs, draining resources that could be better allocated elsewhere.
- Brand and Reputation Damage: Cyber attacks can severely erode customer trust and result in long-term consequences, from brand loyalty to future business opportunities. Restoring trust will take time; consistent communication and proven security advancements are essential to rebuild relationships.
Real-Life Example: Financial and Operational Impact
The Clorox® Company (2023)
All industries have their Achilles’ heel when it comes to damaging cyber attacks, especially without a comprehensive and well-tested Business Continuity Plan (BCP). For manufacturing, such attacks can take a significant toll on the physical manufacturing function, supply chain, and shipping. The Clorox Company (Clorox) serves as a recent example of these ramifications from a cyber attack.
In August 2023, Clorox suffered a devastating ransomware attack on its Information Technology (IT) systems spread across the organization. Clorox claimed that the resulting effects were ‘expected to continue to cause disruption to parts of the Company’s business operations.’ The damage was widespread and affected their production rates, causing ‘an elevated level of consumer product availability issues,’ as well as order processing delays, product outages, shipping complications, cost of products sold, and operating expenses. The impact from this attack is registered with the United States Securities and Exchange Commission in Form 8-K submitted by Clorox on October 4, 2023.
- Net Sales: Expecting a 28% – 23% decrease compared to net sales from the previous year.
- Organic Sales: Expected to decrease by 26% – 21% for the quarter.
- Gross Margin: Will experience a significant reduction compared to the gross margin from the prior year. Initial expectations were for the gross margin to increase from the prior year. The attack caused disruption in pricing, cost savings, and supply chain optimization.
- Diluted net earnings per share (diluted EPS): Clorox is expecting a loss of $0.75 to $0.35.
- Adjusted EPS: Upfront, Clorox is expecting a loss of $0.40 – $0.00 from the impact. However, a preliminary examination excludes charges related to the long-term efforts to fix digital capabilities, productivity solutions, and other costs from the cyber attack.
- Future Outlook: Clorox is assessing the ongoing challenges, losses, and investments to recover from this cyber attack, which takes their examination and losses well into 2024 and beyond! The Clorox Company has accumulated costs up to $593 million from this one attack thus far.
This Clorox cyber attack story is another example of the importance of assessing risks and gaining a better understanding of how deeply cyber attacks can affect your organization and how supply chain and manufacturing operations can experience major consequences. According to cybersecurity experts, if Clorox had conducted the right checks and balances with their security planning and systems, they could have responded more quickly by locking down all systems before the ransomware could spread. Key aspects of cybersecurity hygiene include developing contingency plans and solidifying a good backup and redundancy plan to speed up recovery actions.
“The fact that it will take Clorox more than a month to recover normal operations is not a good sign. It indicates to me that the adversary was able to penetrate the backbone of Clorox operations and impact multiple systems throughout the Clorox environment,” says Avishai Avivi, CISO at cybersecurity firm SafeBreach. “While Clorox indicated in their August notification that they have activated their Business Continuity Plan (BCP) – the fact that they have still not recovered full operational capability indicates that their BCP was not complete and did not account for this particular type of disruption. If it did, then the indication is that Clorox may have failed to exercise and test its BCP. A good BCP should have a good indication of a Recovery Time Objective (RTO). RTOs are typically measured in hours, potentially days. It is very rare that an RTO will be longer than a month,” continues Avivi.
The reality of recovery after a cyber attack is a harsh and complex ordeal that goes far beyond just technology. The monetary losses, service disruptions, and reputation damage can have far-reaching consequences. The journey to recovery requires a blend of strategic investments, technical expertise, and clear communication. By understanding the multifaceted challenges and learning from real-life examples of businesses that successfully rebounded, companies can better prepare themselves to face the growing threat of cyber attacks in today’s digital age.