Clorox and Johnson Controls Reveal Cyberattack-Related Financial Losses

Two new earnings reports filed last week with the Securities & Exchange Commission disclosed the financial impact of cyber security-related incidents on an organizations’ profit.

American Cleanings product manufacturer, Clorox, in its regulatory filing revealed that the August 2023 attack had resulted in wide-scale operational disruptions, including delays in order processing and goods production. In addition to affecting sales and earnings, the incident forced the company to temporarily take down certain systems to contain the incident.

In its regulatory filing, Clorox reported incurring $49 million in expenses (six months ending December 2023) related to the incident.

“The costs incurred relate primarily to third-party consulting services, including IT recovery and forensic experts and other professional services incurred to investigate and remediate the attack, as well as incremental operating costs incurred from the resulting disruption to the Company’s business operations,” disclosed Clorox.

The company further went on to say in the coming period, it hopes to lessen cyberattack-related expenses, by improving and streamlining its business operations.

In a separate incident, multinational conglomerate, Johnson Controls, revealed that September 2023 ransomware attack had resulted in data theft and incident-related expenses of $27 million.

‘’These impacts were primarily attributable to expenses associated with the response to, and remediation of, the incident, and are net of insurance recoveries,’’ the filing revealed.

“The company expects to incur additional expenses associated with the response to, and remediation of, the incident throughout fiscal 2024, most of which the company expects to incur in the first half of the year”.

“These expenses include third-party expenditures, including IT recovery and forensic experts and others performing professional services to investigate and remediate the incident, as well as incremental operating expenses incurred from the resulting disruption to the company’s business operations.”

The cybersecurity incident which was discovered on September 23, 2023, impacted Johnson’ s internal IT infrastructure and applications, including specific billing systems.