In this Supply Chain Matters News Capsule Follow-up posting, we highlight new information regarding our previous posting highlighting a disclosed cyberattack directed at consumer goods producer Clorox.
In August, Clorox disclosed that this attack directly impacted the company’s IT systems and infrastructure and was having a material impact on operations including the fulfillment of orders.
On Wednesday of this week, the producer warned investors in a filing that sales revenues are expected to decline between 23 percent to 28 percent for the quarter ending in September as a result of the effects of the cyberattack. Further communicated was an expected operating loss of upwards of $150 million for the quarter.
In its reporting, The Wall Street Journal indicated that Clorox was among the first to come under a new SEC regulation that went into effect on September 5th. That directive now requires listed companies to report both a material cyberattack incident and potential impacts to business and financial performance. In the specific case of Clorox, the producer disclosed that application systems had to be taken down resulting in the manual procession of inventory restocking orders from retail companies.
Business broadcasting network CNBC reported this week that in addition to Clorox, building electronic control systems provider Johnson Controls revealed last week that that company: “experienced disruptions in portions of its internal information technology infrastructure and applications.” Further communicated are concerns as to whether the incident will impact on this company’s ability to support the timely release of the company’s Q4 and full fiscal year financial results.
The CNBC report cites other manufacturers and distributors that have disclosed recent attacks, including consumer goods producer Campbell Soup’s incident during the summer, which reportedly had minimal impact, along with food producer Dole, that was targeted in a cyber incident in February that cost $10.5 million to resolve.
Other companies mentioned were a cybersecurity incident impacting Brunswick in June, that temporarily halted operations, Temper Sealy and Estee Lauder that were impacted by targeted attacks in July, and food wholesaler and distributor Sysco that suffered a data breach in January.
As noted in our prior commentary, while IT organizations generally hold responsibility for overall data and systems security, cross functional supply chain, procurement and product management teams have a critical role to play in ensuring that business processes, employee and supplier practices adhere and are managed to the highest cyber security standards.
There should be little surprise based on this update and others to come, that cybersecurity safeguards, mitigation and response remain a top priority for many companies and their production and supply chain support systems.
© Copyright 2023, The Ferrari Consulting and Research Group and the Supply Chain Matters® blog. All rights reserved.