Tarkett reports that a cyber attack ‘has affected part of its operations since April 29 despite the IT security measures implemented by the group’, and that it has shut down its IT systems and implemented ‘necessary preventive measures to protect its operations as well as the data of its employees, customers and partners.’
Information released by publicly listed Tarkett is light on detail, but importantly the company has disclosed that there has been an operational disruption. Cyber breaches leading to operational disruption usually present the greatest financial threat to companies due to immediate lost revenues, the cost to restore operations and the cost of restoring goodwill with customers. The Mondelez NotPetya breach is an example of how costly an operational disruption can be both in time to restore operations and in financial terms. According to Bloomberg market data analysis, Mondelez lost $10.2 billion in shareholder value relative to the broad US market in the year following the breach, equal to 15 percent of the company’s total value. Looking at performance relative to global food peers, Mondelez underperformed by 10 percent in the year following the breach, equivalent to $6.8 billion dollars.
The recent example of Finablr/Travelex offers an even more dire example of the potential level of destruction a cyber breach can have due to the central function that technology plays in company operations.
Tarkett has 12,500 employees and 33 industrial sites, and reports selling 1.3m m2 of flooring every day to a wide range of customers in over 100 countries. Its B2B ecommerce channels are an important part of its sales efforts while it is likely relying on its internal IT systems now more than ever with remote work. This is a particularly poor time to have such an operational disruption. Though the extent of the financial damage is uncertain, the likelihood of such an event for any company can be lowered through strong cyber governance.