IT services giant Cognizant has calculated it will lose between $50 million and $70 million from a ransomware incident in April, the CFO said on an earnings call.
Cognizant confirmed to clients on April 18 that a security incident involving its internal systems was causing service disruptions. The hack had Maze Team’s signature, the firm said, adding that it was providing affected customers with indicators of compromise (IOCs) and other “defensive” technical information.
During last week’s earnings call with investors, Cognizant Chief Financial Officer Karen McLoughlin said the company stands to incur substantial financial damages as a result of the hack.
“While we anticipate that the revenue impact related to this issue will be largely resolved by the middle of the quarter, we do anticipate the revenue and corresponding margin impact to be in the range of $50 million to $70 million for the quarter,” McLoughlin said, according to ZDNet.
While Cognizant’s investigation is ongoing, the company believes it has contained the attack.
“Based on the investigation to date, we believe the attack principally impacted certain of our systems and data,” the company said in its quarterly SEC filing. “The attack resulted in unauthorized access to certain data and caused significant disruption to our business. This included the disabling of some of our systems and disruption caused by our taking certain other internal systems and networks offline as a precautionary measure.
“The attack compounded the challenges we face in enabling work-from-home arrangementsduring the COVID-19 pandemic and resulted in setbacks and delays to such efforts,” the filing said. “The impact to clients and their responses to the security incident have varied.”
Cognizant expects the business disruption to hit Q2 2020 financial results. It also expects to continue to experience a loss of revenue due to disruption, “either as a direct consequence of the attack or as a result of clients suspending our access to their networks as a security precaution.”
The $50 million-$70 million range includes incremental costs for the investigation, containment and remediation of the security incident, as well as legal fees and investments to enhance the company’s overall security posture looking forward.