Biggest cyberattack ever caused $15 billion loss to customers of companies directly hit, though banks softened impact, study says

31 Jul 2020 12:00 pm by Neil Roland

laptop

The most damaging cyberattack ever, by Russian military intelligence on Ukrainian infrastructure in 2017, caused a $15 billion loss to customers of companies directly hit, with bigger losses for customers with fewer alternative suppliers, a federal study said.

“This result highlights the importance of building more resilient supply chains to mitigate the effects of disruptive cyberattacks as well as other shocks, including the Covid-19 pandemic,” the US Federal Reserve Bank of New York study said.

Firms that were customers of shipping giant Maersk, postal delivery company FedEx and pharmaceutical multinational Merck, among others, were able to avoid major hits to employment or investment by drawing down bank credit lines.

They were charged higher interest by the banks due to increased risk, researchers said.

“Reliable access to external finance allowed affected customers to absorb the loss in profitability,” the paper said.

— Loss —

The Russians’ so-called NotPetya hacking, intended to paralyze the computer networks of Ukrainian banks, firms and government, inadvertently spread beyond its original target, the paper said.

Some companies that were directly hit, including Ukrainian subsidiaries of global corporations, halted operations for weeks, harming productive capacities of their customers around the world.

These customers incurred lost profit conservatively estimated at $15 billion. These losses exceeded the billions to directly hit corporations, according to the paper.

— Recommendations —

The paper recommended that companies compartmentalize their network infrastructure, scrutinize cybersecurity of third-party suppliers and keep at least one backup facility that’s offline at any time. Maersk’s Ghana office happened to be offline due to a blackout, enabling the shipping company to restore its networks.

Companies also should try to maintain a “resilient” supply chain by having multiple options for each intermediate good or service so that no single supplier is irreplaceable, the paper said.

Finally, the intelligence community should establish “credible deterrence” for large cyberattacks to give state-sponsored hackers an incentive to put controls in place to ensure the attack doesn’t spread, the paper said.

Cyberattack costs for the average large company rose 75 percent, to $13 million, or 3 percent of revenue, in 2018 from five years before.

Related Articles