$60M Expeditors ransomware cost revealed

A crippling ransomware attack on freight company Expeditors cost it $40 million in fees on lost shipping opportunities and another $20 million in investigation, recovery and remediation costs.

The numbers were revealed in Expeditors Q1 earnings May 3.

Expeditors CIO Christopher J. McClincy said in the most detailed public comment to date on the Expeditors ransomware attack that “the impact on systems related to the cyberattack has limited our ability to organize shipments. or manage customs and distribution activities, or perform certain accounting functions, for approximately three weeks after the attack,” adding that although largely recovered, “we continue to manage residual effects.”

The company was saved from the worst consequences of the attack by an extremely buoyant cargo market and surprisingly managed to grow revenue by 46% to $4.7 billion in the quarter, even as its air cargo volume and its shipping container volume decreased by 18% and 3%, respectively. due to system failures within the company.

“I have never been more proud of the adaptability of our employees – and I have never been more grateful to our loyal customers, carriers and service providers for their unprecedented level of support as we navigated this crisis,” said Jeffrey, CEO of Expeditors. S. Musser, adding, “Our core systems are up and running, thanks to the around-the-clock efforts of our entire organization. Our people have performed magnificently and we are proud of the financial results, especially considering the additional expenses and reduced volumes…”

(Musser, a highly regarded leader who started out in field operations and worked his way up,” is one of those rare CEOs with a CIO background: “His IT knowledge is essential” Outgoing CEO Oeter Rose mentioned in 2014.)

Expeditors CEO Musser thanked customers, carriers and service providers for their “unprecedented level of support.”

Expeditors ransomware costs revealed

Expeditors recorded $40 million in additional demurrage charges, with the company directly liable for charges payable to a chartered vessel that could not be loaded due to its systems failing. She recorded the costs in “customs brokerage and other services” expenses.

The $20 million for remediation after the mid-February 2022 ransomware attack “consists primarily of various consulting services, including cybersecurity experts, outside legal counsel, and other IT professional expenses,” the company said, filing it under “other operating expenses.”

CEO Musser added, “All of our products suffered as a result of the cyberattack, particularly in the first three weeks after the attack, as we quickly adapted to a new and unfamiliar operating environment in which our core systems were taken offline to protect our network.Nevertheless, our Air and Ocean businesses both outperformed the strong results of the prior year as fares remained high due to persistent supply chain bottlenecks. supply and capacity constraints, while tonnage and volumes declined primarily due to the cyberattack.

“Air freight continues to be impacted by the extreme imbalance between capacity and demand, especially with exports outside of Asia. Although the cyberattack limited our air volumes during the quarter, we continued to process shipments and serve our customers, particularly as shippers turned to air to circumvent severe disruptions at seas. Oceanic volumes, in turn, continued to be hampered by port congestion due to labor and equipment shortages, which disrupted sailing schedules and kept fares well above standards. historical. None of the issues in the air, on the water or in port have materially improved or are likely to improve in 2022.”

The initial threat vector has yet to be publicly revealed and the incident is, once again, a reminder of the critical importance of a well-honed incident response plan and recovery tools and capabilities. robust and tested disaster recovery. Chief Financial Officer Bradley S. Powell said, “We believe the bulk of cyberattack spending is now behind us. [but] we expect to continue to incur additional expenses related to other system enhancements.

See also: In Which We’re Not Kind About the WEF’s Global Cybersecurity Outlook