TORONTO/FRANKFURT--The cyber attack that crippled Ukraine businesses and spread worldwide to shut down shipping ports, factories and corporate offices has taken a costly toll on the results of major U.S. and European companies in the latest quarter, with more to come.
While individual companies have been laid low by hacking attacks in the past, this financial reporting season marks the first time that major players across a range of industries have blamed them for significant financial damage to their results.
On Thursday, German consumer products maker Beiersdorf AG blamed the attack for a shortfall in its half-year financial results, which caused 5 to 10 days of shipping and production delays after its computer and communications froze. Six more major international companies, four based in Europe and two in Russia, which acknowledged they suffered disruption, are due to report quarterly results later in August.
The June 27 attack, dubbed NotPetya, first targeted Ukraine, taking down many government agencies and businesses there, before spreading rapidly through corporate networks of multinationals with operations or suppliers in eastern Europe. Beiersdorf, the maker of Nivea cosmetics, said 35 million euros ($41 million) worth of second-quarter sales were delayed to the third quarter and it was totting up the costs of the attack for items such as calling in outside experts, promotions and using other production sites to make up for shortfalls.
"It is very important to stress there is a cost and there will be a cost associated with this," Chief Financial Officer Jesper Andersen said. "We are still working our way through it. Our focus so far has been on recovery."
Beiersdorf said the costs would not have a material impact on its profit outlook for the full year. Its shares were down 3.1 percent in Frankfurt at 1010 GMT.
Cadbury chocolate maker Mondelez and freight logistics company FedEx Corp are among five multinational firms, three from the United States and two in Europe, which have previously reported material financial damage from the cyber "worm" that hit on June 27, in the closing days of the quarter. Mondelez, formerly known as Kraft and the world's second-largest confectionary company, reported a 5 percent drop in quarterly sales on Wednesday, blaming shipping and invoicing delays caused by the June attack.
Investors should get used to hearing about cyber attacks during earnings calls, said Ian Winer, equity co-head at Wedbush Securities. "The trend is accelerating," he said. "As hackers get more sophisticated they are taking shots at major companies."
More hackers are becoming adept at developing or finding malware to wipe data on computers, making them inoperable. Danish shipping company AP Moller-Maersk S/A, which handles one out of seven containers shipped globally, said on July 20 that operations worldwide had been significantly affected, but that it lost no corporate data to outside parties.
Maersk declined to comment and said it would address the impact on Aug. 16, when it reports second-quarter results. "We anticipate a limited impact from the cyber attack (estimates range from $50-$450 million) as it started towards the end of (the second quarter)," Jefferies analyst David Kerstens said in a note to clients. Analysts, on average, estimate the hit to Maersk results in a range of $100-$200 million.
