"Clorox and Johnson Controls Reveal $76m Cyberattack Bill"

Two new regulatory filings have revealed the surging costs associated with ransomware and other cyber-related incidents.  Clorox had a major operational disruption in an attack discovered on August 14 last year, forcing it to revert to manual ordering and processing.  A new SEC filing late last week revealed expenses associated with the incident of $49m in the six months to December 31, 2023.  The company noted that the costs incurred relate primarily to third-party consulting services, including IT recovery and forensic experts and other professional services incurred to investigate and remediate the attack, as well as incremental operating costs incurred from the resulting disruption to the company’s business operations.  Johnson Controls also revealed major losses, this time from a confirmed ransomware attack in September.  The company claimed $27 million in incident response and recovery expenses during the final quarter of 2023.  However, there’s likely more to come as it continues to count the cost of the ransomware breach.  In a statement, the company said that it expects to incur additional expenses associated with the response to and remediation of the incident throughout fiscal 2024, most of which it expects to incur in the first half of the year.  These expenses include third-party expenditures, including IT recovery and forensic experts and others performing professional services to investigate and remediate the incident, as well as incremental operating expenses incurred from the resulting disruption to the company’s business operations.
 

Infosecurity Magazine reports: "Clorox and Johnson Controls Reveal $76m Cyberattack Bill"