Cognizant: Ransomware Attack Expense at Least $50 Million
IT Services Giant Offers Update During Quarterly Financial Results Call
Cognizant estimates that the April ransomware attack that affected its internal network will cost the IT services firm between $50 and $70 million, according to the company's latest financial report filed this week.
During a call to discuss the company's first-quarter earnings results, Karen McLoughlin, Cognizant's CFO, told analysts that while the firm has restored the majority of its IT services and is working to complete its investigation into the incident, the costs from the attack are likely to continue into the current second quarter, according to a transcript provided by SeekingAlpha, a financial services website.
"While we anticipate that the revenue impact related to this issue will be largely resolved by the middle of the quarter, we do anticipate the revenue and corresponding margin impact to be in the range of $50 million to $70 million for the quarter," McLoughlin told analysts. "Additionally, we expect to incur certain legal, consulting and other costs associated with the investigation, service restoration and remediation of the breach."
Cognizant's security team first became aware of the ransomware attack on Friday, April 17, and announced the incident on April 20. The company has blamed the attack on the Maze ransomware gang (see: Cognizant: Ransomware Attack Disrupting Services).
Bleeping Computer later reported that the Maze gang denied any responsibility.
As part of its response, Cognizant is working with law enforcement and third-party security vendors to investigate the attack. The company has not said if it paid a ransom or has been in contact with the attackers.
A Cognizant spokesperson declined to comment, instead referring to a company statement that noted: "We responded quickly to investigate and remediate the attack. We are using this experience as an opportunity to refresh and strengthen our approach to security. We are already applying what we have learned to further harden and strengthen our security environment."
WFH and Customer Impact
During the call with analysts, Cognizant CEO Brian Humphries noted that the timing of the ransomware attack in April, which encrypted some internal IT systems, affected the company as it was preparing to expand its work-from-home initiative due to the COVID-19 pandemic.
"Not only were we dealing with COVID, but then we had a ransomware attack that encrypted servers, which actually took out some of the work-from-home capabilities that we had enabled in the prior weeks, and also slowed our ability to enable further work-from-home because of some of the systems and tools we would have used to automate and provision laptops were no longer functioning," Humphries said.
And while the ransomware attack does not appear to have affected customers' data, Humphries and other executives noted that Cognizant has held at least three calls with clients to reassure them about the firm's internal security.
"In addition, following the containment of the ransomware attack, we have meaningfully progressed in addressing the concerns of clients that have suspended our access to their networks," Humphries said. "We expect to substantially complete this by the end of the month."
Mark Moses, director of client engagement at nVisium, a security assessment and training firm, notes that ransomware incidents such as the one that affected Cognizant should serve as a warning to other enterprises as they reassess their security plans while shifting workers to home offices during the pandemic.
"This incident highlights the need for all companies, especially those transitioning to remote work, to focus on both employee education and building a robust remote work infrastructure of managed devices or device-as-a-service, within which information security can work to harden the attack surface against bad actors," Moses tells Information Security Media Group. "With a distributed work environment there are a multitude of additional attack vectors that can be exploited and the risks mitigated given recognition and attention from management."
The cost estimates that Cognizant executives gave regarding the April ransomware incident are similar to those disclosed by Norwegian aluminum company Norsk Hydro, which sustained its own attack in March 2019. By November, Norsk Hydro estimated that the losses from cleaning up and recovering ranged from $50 million to $71 million (see: Norsk Hydro Breach: Update on Insurance Coverage).
When revealing its financial results, Cognizant reported first-quarter revenue of $4.2 billion, which was up 2.8% compared to the first quarter of 2019. Net income, however, fell to $367 million during the first quarter of this year compared to $441 million during the same period in 2019.
Before the ransomware attack, Cognizant, which is a Fortune 500 company, withdrew its full-year financial guidance due to the COVID-19 pandemic. While based in New Jersey, the company has a large presence in India and employs over 290,000 worldwide.
Managing Editor Scott Ferguson contributed to this report.