Ransomware attacks on Brown-Forman and Carnival will hit their financials in coming months


US wines and spirits company Brown-Forman suffered a ransomware attack this week. Though unconfirmed, REvil is believed to be responsible, a criminal enterprise which is also responsible for the Travelex attack that sent that company into administration. Per a company statement, “our quick actions upon discovering the attack prevented our systems from being encrypted.”

In a separate incident, Carnival Corporation, the largest cruise company in the world, warned customers and employees that their personal information may have been seized in a breach. The breach was reportedly detected over the weekend when hackers encrypted a portion of its information technology systems.



Little is known about the extent of the disruption within Brown-Forman, but one thing is clear: the most significant financial impact will result not from lost customer or employee data but from the disruption to the company’s operations. The near-term financial impact will likely include a loss of operating income stemming from issues such as the cost to repair the infrastructure and systems impacted. This will likely become more clear in the coming months, possibly at the time of the company’s Q3 earnings.

The Carnival breach could not have come at a worse time as the struggling company has reported record losses since services were suspended five months ago, and it was just set to relaunch services in Europe. Importantly, the breach should not come as a surprise to shareholders. Carnival reported a public breach of sensitive customer data as recently as last year.

According to an August 17th statement, the company, “does not believe the incident will have a material impact on its business, operations or financial results.” This is most certainly false. Simply look at the impact ransomware attacks have had on the operating income of companies just this year:

Ex-post eventEconomic loss as a % of operating income
ISS World33%
CognizantEst. 9-13% pending earnings
Pitney Bowes14%

More will become known about the financial impact during Carnival’s Q3 earnings. But for both Carnival and Brown-Forman, it will come in multiple stages over the next several months. The costs will include the immediate financial hits followed by likely commitments by management to invest additional resources in security, with the aim of lowering the probability of another similar attack occurring in the future. Consider Cognizant CEO’s remarks during its July 29 earnings call in reference to its ransomware attack: “…we’ve also begun what we expect will be a multi-quarter initiative to refresh and strengthen our approach to security.” Unsurprising considering its breach was cited as a key reason for the company’s YoY quarterly revenue decline.

We use cookies to make our website more user-friendly and effective

The Cyberhedge Indices Cookie Policy

What are the Cyberhedge Cyber Governance Indices?

These first ever benchmarks prove good cyber governance matters to shareholder value. They measure stock market performance of companies with good and with bad cyber governance scores. Scores are based on Cyberhedge’s proprietary cyber governance rating methodology. Market performance is tracked by an independent firm. The results show that companies with good cyber governance outperform their peers in US, UK, and EU markets.

Information that we collect

Here you can see and customize the information that we collect about you. To learn more, please read our privacy policy

Continue on website