Danish company Demant expects to suffer huge losses due to cyber attack

Danish hearing health care company Demant has estimated it will lose between $80 and $95 million due to a recent “cyber-crime” attack.

Though the company has yet to share details about the “IT infrastructure incident”, it is widely believed to be the work of ransomware-wielding attackers.

What is known?

The attack started on September 2 and, apparently, the company quickly decided to shut down IT systems across multiple sites and business units:

Still, the reaction wasn’t quick enough and the attack resulted in key business processes (including R&D, production and distribution) being impacted.

Production sites in Poland, Mexico, Denmark and France have been affected, and so have the company’s clinics around the world, which resulted in them being unable to service end-users in a regular fashion, as they were unable to generate new appointments.

The company has said that, thanks to their quick response, data back-up was overall intact, enabling them to recover in a structured and efficient way.”

Most of the predicted loss in revenue is due to the estimated lost sales and weakening of growth momentum, especially in the US. This estimate includes recovery costs (around $7 million) and takes into consideration an expected insurance coverage of approximately $14.5 million.

“The cyber-crime has had a significant impact on our ability to generate the growth we expected for the second half-year, and even though our commercial operations are doing their utmost to make up for the impact of the incident, we are in a situation where we cannot execute on our ambitious commercial growth activities to the planned extent,” said Søren Nielsen, President & CEO of Demant.

“We are working around the clock to return to our growth-oriented business focus, while minimising the impact on customers and users of our products. We are grateful for the patience and loyalty shown, and the Demant organisation will continue to approach the incident with extreme dedication until we are completely recovered and have re-established what was severely disrupted by the incident.”

The cost of a ransomware attack

It’s no wonder that attackers wielding ransomware have moved from hitting end users to targeting companies: with losses like these, who wouldn’t be tempted to pay a much smaller (though still hefty) ransom to quickly recover their systems and business capability?

European businesses, though, seem loathe to do it.

Norwegian aluminum producer Norsk Hydro declined to pay the ransom lost $35-41 million in the first week following the attack and later estimated they would suffer additional losses of $23-29 million.

Aebi Schmidt, ASCO Industries, Eurofins suffered serious disruptions (though Eurofins said that its business interruption insurance coverage should cover most of the losses).

Ransomware attackers go after all kinds of businesses and organizations: corporations, hospitals, schools, city governments… The size of the organization seemingly doesn’t matter, but some smaller ones have paid the ultimate price for insecurity, as they were forced to permanently close their doors due to these attacks.

In the meantime, insurance companies are – unintentionally but effectively – fueling a rise in ransomware attacks.