Corporate profits to take
more hits from Ukraine cyber attack
Send a link to a friend
[August 03, 2017]
By Jim Finkle and Eric Auchard
TORONTO/FRANKFURT (Reuters) - The cyber attack that crippled
Ukraine businesses and spread worldwide to shut down shipping ports,
factories and corporate offices has taken a costly toll on the results
of major U.S. and European companies in the latest quarter, with more to
While individual companies have been laid low by hacking attacks in the
past, this financial reporting season marks the first time that major
players across a range of industries have blamed them for significant
financial damage to their results.
On Thursday, German consumer products maker Beiersdorf AG <BEIG.DE>
blamed the attack for a shortfall in its half-year financial results,
which caused 5 to 10 days of shipping and production delays after its
computer and communications froze.
Six more major international companies, four based in Europe and two in
Russia, which acknowledged they suffered disruption, are due to report
quarterly results later in August.
The June 27 attack, dubbed NotPetya, first targeted Ukraine, taking down
many government agencies and businesses there, before spreading rapidly
through corporate networks of multinationals with operations or
suppliers in eastern Europe.
Beiersdorf, the maker of Nivea cosmetics, said 35 million euros ($41
million) worth of second-quarter sales were delayed to the third quarter
and it was totting up the costs of the attack for items such as calling
in outside experts, promotions and using other production sites to make
up for shortfalls.
"It is very important to stress there is a cost and there will be a cost
associated with this," Chief Financial Officer Jesper Andersen said. "We
are still working our way through it. Our focus so far has been on
Beiersdorf said the costs would not have a material impact on its profit
outlook for the full year. Its shares were down 3.1 percent in Frankfurt
at 1010 GMT.
Cadbury chocolate maker Mondelez and freight logistics company FedEx
Corp <FDX.N> are among five multinational firms, three from the United
States and two in Europe, which have previously reported material
financial damage from the cyber "worm" that hit on June 27, in the
closing days of the quarter.
Mondelez <MDLZ.O>, formerly known as Kraft and the world's
second-largest confectionary company, reported a 5 percent drop in
quarterly sales on Wednesday, blaming shipping and invoicing delays
caused by the June attack.
GROWING RISK FACTORS
Investors should get used to hearing about cyber attacks during earnings
calls, said Ian Winer, equity co-head at Wedbush Securities.
"The trend is accelerating," he said. "As hackers get more sophisticated
they are taking shots at major companies."
More hackers are becoming adept at developing or finding malware to wipe
data on computers, making them inoperable.
Danish shipping company AP Moller-Maersk S/A <MAERSKb.CO>, which handles
one out of seven containers shipped globally, said on July 20 that
operations worldwide had been significantly affected, but that it lost
no corporate data to outside parties.
[to top of second column]
A man types into a keyboard during the Def Con hacker convention in
Las Vegas, Nevada, U.S. on July 29, 2017. REUTERS/Steve Marcus
Maersk declined to comment and said it would address the impact on Aug. 16, when
it reports second-quarter results.
"We anticipate a limited impact from the cyber attack (estimates range from
$50-$450 million) as it started towards the end of (the second quarter),"
Jefferies analyst David Kerstens said in a note to clients. Analysts, on
average, estimate the hit to Maersk results in a range of $100-$200 million.
German mail and logistics firm Deutsche Post DHL Group <DPWGn.DE> and retailer
Metro AG <CECG.DE> also said their Ukrainian operations were infected, but have
provided no further details. Deutsche Post reports results on Aug. 8 and Metro
Group is expected to report results later in August.
Other NotPetya victims include Merck & Co Inc <MRK.N>, which last week warned
the attack had halted production of some drugs, saying it had yet to understand
the full costs associated with it.
The attack slowed deliveries at FedEx and halted production lines at British
consumer goods maker Reckitt Benckiser <RB.L>, according to accounts by those
companies. FedEx said the attack would have a "material" effect on its full-year
NASTY LINE ITEMS
Jake Dollarhide, head of Longbow Asset Management in Tulsa, Oklahoma, which
manages $85 million in assets, said he expects cyber attacks to become as common
as reports that a storm or oil prices hurt results.
Cyence, a firm that helps insurers measure cyber risk, estimated that economic
costs from NotPetya would total $850 million.
Major global cyber attacks have the potential to cause economic losses on par
with catastrophic natural disasters such as U.S. Superstorm Sandy in 2012,
Cyence and Lloyd's of London Ltd [SOLYD.UL] said in a joint report in July.
Average economic losses caused by such disruptions could range from $4.6 billion
to $121 billion, the report said.
One mysterious group known as The Shadow Brokers in April dumped a trove of
powerful hacking tools on the Internet, which security experts said were
developed by the U.S. National Security Agency. Code the group released was used
for spreading NotPetya and in the "WannaCry" attack in May on hospitals,
businesses and governments worldwide.
"As stock market investors we have to accept this brand new reality in this new
digital age," Longbow's Dollarhide said.
Most businesses are inadequately protected from cyber attacks, said Tom
Kellermann, chief executive of investment firm Strategic Cyber Ventures.
"The day of reckoning has come for shareholders," Kellermann said.
(Reporting by Jim Finkle in Toronto, Eric Auchard and Victoria Bryan in
Frankfurt and Jacob Gronholt-Pederson in Copenhagen; Editing by Grant McCool and
[© 2017 Thomson Reuters. All rights
Copyright 2017 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.