Cognizant, IT services provider, expects its Q2 revenue to be significantly impacted due to a ransomware incident that took place in April 2020. 

According to a ZDNet report, the ransomware incident only impacted internal networks, not customer systems. Cognizant CEO Brian Humphries said the ransomware incident impacted (1) Cognizant's select system supporting employees' work from home setups and (2) the provisioning of laptops that Cognizant was using to support its work from home capabilities during the COVID-19 pandemic.

Humphries said staff moved quickly to take down all impacted systems, which impacted Cognizant's billing system for a period of time, ZDNet reports. Some customer services were taken down as a precaution, but that the company, he said, has fully recovered from the infection and restored the majority of its services.

"While we anticipate that the revenue impact related to this issue will be largely resolved by the middle of the quarter, we do anticipate the revenue and corresponding margin impact to be in the range of $50 million to $70 million for the quarter," said Karen McLoughlin, Cognizant Chief Financial Officer in an earnings call. The incident, said McLoughlin, will incur additional and unforeseen legal, consulting, and other costs associated with the investigation, service restoration, and remediation of the breach.

Rui Lopes, Engineering and Technical Support Director at Panda Security, says the damage caused by ransomware is often predictable and, regrettably, in direct proportion to the size of the breach as well as the size of the business that was targeted. "In the case of Cognizant, the attack was true to form both in scope and severity. And, once the attack was mitigated and operations returned to normal, the true scope of the damage had just begun to be revealed, because the reputational damage caused by ransomware—especially to an IT provider—can last far longer and cause far more loss than the initial incident.”

Mark Moses, Director of Client Engagement at nVisium, notes, "This incident highlights the need for all companies, especially those transitioning to remote work, to focus on both employee education and building a robust remote work infrastructure of managed devices or DaaS, within which information security can work to harden the attack surface against bad actors. With a distributed work environment there are a multitude of additional attack vectors that can be exploited and the risks mitigated given recognition and attention from management. This attention must include both training and support of employees working remotely to recognize threats and correctly configure the home networking environment to prevent them.”

Isabelle Dumont, Vice President of Market Engagement at Cowbell Cyber, “Ransomware attacks trigger unexpected revenue loss and recovery services cost, as well as unplanned expenses over months if not years. This is exactly what cyber insurance is designed for, helping businesses in times of great financial hardship as well as providing expert resources.”