Sopra Steria, a supplier to the UK’s NHS, has admitted a ransomware attack on its systems last month is likely to cost the company between €40 million ($48 million) and €50 million ($60 million).
Sopra Steria was hit by a new variant of the infamous Ryuk family, forcing systems offline. In an update, the firm claimed that the attack would negatively impact its gross operating margin by between €40 million and €50 million, although it expects €30 million will be covered by its cyber insurance.
The serious financial impact is due to the extensive remediation and “differing levels of unavailability” of various systems since the attack, the update said, despite the company claiming it was able to “rapidly” block the attack on discovery.
“The measures implemented immediately made it possible to contain the virus to only a limited part of the group’s infrastructure and to protect its customers and partners.”
The firm claimed it had not identified any leaked data or damage to customer systems. The slow pace of restoring systems would seem to indicate that it decided not to pay the ransom.
“The secure remediation plan launched on October 26 is nearly complete,” it continued. “Access has progressively been restored to workstations, R&D and production servers, and in-house tools and applications. Customer connections have also been gradually restored.”
The attack is expected to push Sopra Steria’s organic growth for 2020 into negative territory, to between -4.5% and -5%.
This cyber attack ranks alongside those on aluminium giant Norsk Hydro ($41 million) and IT services firm Cognizant (up to $70 million) as one of the most serious from a financial perspective. It highlights the benefits of having a robust process in place alongside a significant cyber security insurance policy.
The post Cybersecurity costs: Sopra Steria could pay €50 million for Ryuk attack appeared first on Payments Cards & Mobile.