Clorox and Johnson Controls Report Financial Losses from Cyberattacks

In two separate quarterly earnings reports filed with the Securities and Exchange Commission, prominent companies Clorox and Johnson Controls disclosed substantial financial losses attributed to cyberattacks, shedding light on the far-reaching consequences of such incidents on corporate bottom lines.

Cleaning product giant Clorox, in its earnings report released on Thursday, revealed a 6% decline in sales volume over the past six months, primarily stemming from a reduction in shipments caused by a cyberattack in August. The company experienced widespread disruptions, including order processing delays and significant product outages during the last quarter of its fiscal 2024 year, which ends in June 2024.

Clorox confirmed that it had not received insurance payments to cover the losses incurred due to the cyberattack. The company initially disclosed the incident on August 14, promptly taking systems offline and engaging cybersecurity experts to investigate. While automated order processing has been restored, operational impacts are still being felt.

Meanwhile, technology and industrial business multinational Johnson Controls, in its earnings report, detailed a financial setback of $27 million resulting from a cyber incident reported in September. The company, a leader in building automation, confirmed the cyber incident as a ransomware attack and clarified that the $27 million figure excluded potential cyber insurance payouts.

Johnson Controls has successfully restored all impacted applications and systems but attributed the significant financial losses to expenses associated with responding to and remediating the cyber incident. The company acknowledged ongoing investigations into the incident and is analyzing the data accessed and stolen by the hackers.

The U.S. Department of Homeland Security, in an internal memo obtained by CNN, expressed concern over the Johnson Controls incident, suggesting that it may have exposed sensitive physical security information, including DHS floor plans.

Both companies highlighted the necessity of engaging third-party experts, including IT recovery and forensic specialists, to investigate and address the cyber incidents. Clorox, in particular, had to hire consulting services to navigate the aftermath of the attack, implement business continuity plans, and manually process orders at a reduced rate of operations.

As investigations into the cyber incidents continue, both Clorox and Johnson Controls anticipate additional expenses throughout the 2024 fiscal year. Johnson Controls emphasized that the overall impact on net income and cash flows is not expected to be material, considering potential insurance recoveries.

The incidents underscore the growing threat of cyberattacks to companies across various industries and the imperative for robust cybersecurity measures to mitigate financial and operational risks.

The GRC Report is the first word in governance, risk, and compliance news. As your trusted source for comprehensive coverage, the GRC Report keeps you informed and equipped to navigate the evolving landscape of governance, risk, and compliance. And remember, the GRC Report isn't just a news source; it's a community of professionals who share your passion for GRC excellence. Don't miss out on our insightful articles and breaking news – join the conversation and empower your GRC journey.