ISS reports ransomware attack, incurs losses from business disruption


ISS World, a Danish workplace experience and facility management company, was hit by a malware attack on February 17, 2020. As a precautionary measure, they immediately disabled access to shared IT services across company sites and countries.

ISS World publicly reported the attack on February 19, but neither disclosed the severity and type of attack, nor the extent of the damages it caused. By February 26, the share price had dropped by approximately 23 percent. As of March 2, systems were still not fully restored, and the share price had not recovered.



Contrary to management’s statement during the February 26 earnings call that “...there is still no indication that any customer data or systems have been breached,” the financial impact of this incident has little to do with customer data loss and everything to do with business disruption. The damage has been considerable even for a business that largely provides a people-based service in the form of facilities management.

As evidenced by recent business disruption events, these breaches are much more damaging to the bottom line than customer data loss events:

  1. March 2: Travelex announced an approximate $32 million hit to earnings stemming from a January ransomware attack that paralyzed banking operations for weeks.
  2. February 4: Pitney Bowes (PBI) announced a $29 million hit to free cashflow and an $18 million loss in EBITDA following an October 2019 ransomware attack that disrupted its shipping/ecommerce business. PBI’s share price has continued its downward slide since the October incident.

Earlier business disruption events, such as those at Maersk, Norsk Hydro, and Mondelez all told a similar story. Operational disruption breaches are more financially costly—and take longer to recover from—than customer data breaches. A recent FireEye blog post summed up why: “...ransomware infections—either affecting critical assets in corporate networks or reaching computers in OT networks—often result in the same outcome: insufficient or late supply of end products or services.”

Such incidents have been on the rise since 2017, and they are more financially damaging. As FireEye outlined, the primary reason these incidents have become more disruptive (and thus more financially damaging, according to Cyberhedge) is because they are increasingly moving beyond IT assets and disrupting operational technology (OT), which is traditionally separate from IT but increasingly merged amidst digital transformation efforts. This is what enables cyber criminals to directly impact production processes, like the Norsk Hydro incident in March 2019.

The rising threat of business disruptions stemming from cyber attacks places an increasing premium on strong cyber governance and the need to better balance security with growth and cost targets.

We use cookies to make our website more user-friendly and effective

The Cyberhedge Indices Cookie Policy

What are the Cyberhedge Cyber Governance Indices?

These first ever benchmarks prove good cyber governance matters to shareholder value. They measure stock market performance of companies with good and with bad cyber governance scores. Scores are based on Cyberhedge’s proprietary cyber governance rating methodology. Market performance is tracked by an independent firm. The results show that companies with good cyber governance outperform their peers in US, UK, and EU markets.

Information that we collect

Here you can see and customize the information that we collect about you. To learn more, please read our privacy policy

Continue on website