IT services provider Cognizant is expecting to lose between US$50 to US$70 million in the aftermath of a recent ransomware attack.
The US-based company revealed on 18 April it had been hit by a "Maze" ransomware cyber attack, resulting in service disruptions for some of its clients.
Although Cognizant claimed it responded “immediately” to the attack, it expects its upcoming second quarterly results to be negatively impacted by both the downtime and temporary suspension of customer accounts.
According to CEO Brian Humphries, the Maze attack hit Cognizant's select system supporting employees' work from home setups and laptops that Cognizant was using for home working during the COVID-19 pandemic. He added that the attack only impacted its internal network, but not customer systems.
Speaking during a first quarter earnings call, Humphries said: “First, the attack encrypted some of our internal systems, effectively defaming them and we proactively took other systems offline.
“Some clients opted to suspend our access to their networks. Billing was therefore impacted for a period of time, yet the cost of staffing these projects remained on our books.”
Humphries stressed the company had reacted quickly by “mobilising [its] entire leadership team, drawing on the expertise of [its] IT and security teams and bringing in leading cyber security experts”. He also emphasised law enforcement was contacted and that the company “decided to communicate forthrightly and transparently with [its] clients”.
“Nobody wants to be dealt with a ransomware attack,” he added. “I personally don't believe anybody is truly impervious to it, but the difference is how you manage it. And we tried to manage it professionally and maturely.”
Cognizant will now use the experience to “further harden” security across all of its systems, adding that he had a “no-regret” approach to the cost of the strengthening exercise.
Cognizant reported a Q1 2020 revenue of US$4.2 billion for the quarter ended 31 March 2020, a 2.8 per cent rise from the same corresponding period.