Cyberattacks add to cost of companies already reeling under covid-19

NEW DELHI: At a time when revenues have dried up, Indian companies are seeing a significant rise in their expenditure owing to a massive wave of cyberattack as most of their employees work from home amid the covid-19 lockdown.

Many companies had witnessed a 100% increase in attacks between 17 and 20 March, PWC said in its an April report.

A case in point is the ransomware attack on IT major Cognizant last month which is expected to impact its revenue by $50-70 million for the second quarter, the company said in an earnings call last week. Cognizant has a large offshore presence in India.

"While we anticipate that the revenue impact related to this issue will be largely resolved by the middle of the quarter, we do anticipate the revenue and corresponding margin impact to be in the range of $50 million to $70 million for the quarter," said Karen McLoughlin, chief financial officer at Cognizant reportedly said in the earnings call.

The ransomware attack on Cognizant isn’t a singular incident involving large organisation. World Health Organisation (WHO) has seen a five-fold increase in cyberattacks. As per the PWC report, cyberattacks on Indian companies have doubled between January and March. Remote work infrastructure is being heavily targeted, along with identity theft and malicious payload delivery.

In addition to damaging a company's brand value and reputation, cyberattacks can result in lawsuits or heavy penalties against loss of data. For instance, the proposed data protection bill in Indian parliament stipulates a maximum penalty of ₹15 crore or 4% of annual global turnover of a company for infringements.

"A successful cyberattack can shut down systems — not just for a few hours, but potentially for days or weeks. The collateral damage, such as information leaks and reputational damage, can continue for considerably longer," said DD Mishra, senior research director at Gartner.

“If the attack vector is denial of service, it can lead to loss of productivity. Ransomware attacks can have clear financial impact. In case of information loss, it can lead to compliance related lawsuits in many countries,” adds said Sajan Paul, MD, country manager, India and SAARC, Juniper Networks.

A 2019 study on cost of cybercrime by Accenture, stated that a malware attack leading to information loss among other risks can cost on an average $2.6 million annually for companies. Ransomware attacks can cost on an average $0.7 million.

“The impact of this is even higher now as businesses grapple with covid-19. Businesses are starting to realize that security can be a competitive advantage, and many are spending proactively in quantifying their risk posture to be able to measure and mitigate cyber risks in real-time,” said Saket Modi, co-founder & CEO, Lucideus.

According to an April report by Marketsandmarkets, due to covid-19 global cybersecurity market is expected to grow from $183.2 billion in 2019 to $230 billion by 2021.

“Because of covid-19 people are no longer working from a secure workplace. This has led companies to ramp up security parameters to ensure working from home is as secure. This will add to more investment,” adds Paul.

In case of Cognizant, McLoughlin expects cyberattack to lead to additional expenditure over investigation, restoration and remediation of the breach on top of the legal fees.

Mishra believes, cyberattacks are an urgent issue for financial services operations leaders to address as they maintain stability for the organization amid turbulent conditions.