Costly cyber attacks are having a bigger impact on corporate earnings and are becoming a fact of life for companies as Oreo cookie maker Mondelez, drug maker Merck and others said that a destructive "worm" attack in the last week of the second quarter disrupted operations.
Mondelez International Inc., the world's second-largest confectionary company, reported a 5 percent drop in quarterly sales on Wednesday, blaming shipping and invoicing delays caused by the June 27 attack of the worm, known as NotPetya.
Other NotPetya victims include Merck & Co. Inc., which last week warned that NotPetya had halted production of some drugs, saying it has yet to understand the full costs associated with the attack.
The attack also slowed deliveries at FedEx Corp., disrupted port operations of shipping company A.P. Moller-Maersk A/S and halted production lines at British consumer goods maker Reckitt Benckiser PLC, according to accounts by those companies.
Investors should get used to hearing about cyber attacks during earnings calls, said Ian Winer, equity co-head at Wedbush Securities.
"The trend is accelerating," Winer said. "As hackers get more sophisticated they are taking shots at major companies."
More hackers are becoming adept at developing or finding malware to wipe data on computers, making them inoperable.
One mysterious group known as The Shadow Brokers in April dumped a trove of powerful hacking tools on the Internet, which security experts said were developed by the U.S. National Security Agency. Code the group released was used for spreading NotPetya and in the "WannaCry" attack in May on hospitals, businesses and governments worldwide.
Jake Dollarhide, head of Longbow Asset Management in Tulsa, Oklahoma, which manages $85 million in assets, said he expects cyber attacks to be as common as reports that a storm or oil prices hurt results.
Cyence, a firm that helps insurers measure cyber risk, estimated that economic costs from NotPetya would total $850 million.
Major global cyber attacks have the potential to cause economic losses on par with catastrophic natural disasters such as U.S. Superstorm Sandy in 2012, Cyence and Lloyd's of London Ltd. said in a joint report in July. Average economic losses caused by such disruptions could range from $4.6 billion to $121 billion, the report said.
"As stock market investors we have to accept this brand new reality in this new digital age," Longbow's Dollarhide said.
NotPetya is a destructive self-propagating "worm" capable of spreading quickly across computer networks, crippling computers by encrypting hard drives so that machines cannot run.
It has taken victims weeks to get factories and other critical systems back online because businesses must individually replace damaged hard drives.
Most businesses are inadequately protected from cyber attacks, said Tom Kellermann, chief executive of investment firm Strategic Cyber Ventures.
"The day of reckoning has come for shareholders," Kellermann said.
The following is a list of some companies that reported NotPetya disrupted their operations and earnings:
Mondelez International Inc (MDLZ.O), a packaged food producer that makes Oreo cookies and Cadbury chocolate, said net revenue was down 5 percent in the second quarter because of the cyber attack and currency headwinds. The malware affected Mondelez's Windows-based software and its shipping process.
Drug and vaccine maker Merck & Co Inc (MRK.N) said on July 28 that NotPetya halted the production of its drugs, which would hurt profits for the rest of the year. Merck said it was confident it could maintain supply of its top-selling and life-saving drugs, but warned of temporary delays in other products, which it did not identify.
Reckitt Benckiser Group
Reckitt Benckiser Group (RB.L), a British consumer goods company, said on July 24 the NotPetya virus attack had affected its systems and manufacturing sites. The company cut its full-year sales forecast from growth of 3 percent to 2 percent.
Package delivery company FedEx Corp (FDX.N) said the NotPetya attack would have a "material" effect on its full-year results. Weeks after the attack, its Netherlands subsidiary still experienced service delays.
© 2023 Thomson/Reuters. All rights reserved.