A Tesla employee prevented an alleged ransomware attack on the company earlier this month, according to an unsealed criminal complaint from the FBI. According to the complaint, the alleged criminal, Egor Igorevich Kriuchkov, attempted to recruit the Tesla employee outside Reno where the “Gigafactory” manufacturing facility is located.
CEO Elon Musk referred to the attack as “serious” on Twitter.
Much of the focus has been on the possible parties and motives behind the attack. But what matters for investors is that Tesla’s operations could have been disrupted and potentially caused significant financial damage. The operational disruption risk is the reason Musk referred to it as a ‘serious attack’. If the attempt was successful, it is possible that the ransomware incident could have adversely impacted production at the Gigafactory.
Tesla has encountered public cyber incidents before. In September last year, we explained some of the operational risks the company faces:
Since its inception, Tesla has operated more like a software company than an automobile company. Its’ characteristic ‘speed and agility’ created competitive advantages by enabling the company to roll out innovations much quicker than competitors. But a greater reliance on software has also resulted in greater cyber vulnerabilities that have in turn led to occasional operational flaws in the cars. The theft of sensitive documents from Tesla and other major auto companies (VW, GM, Toyota), disclosed in June 2018, further highlights the significant risks that extend through the supply chain, in this case a third party robotics vendor. The breach of Tesla’s autopilot is a reminder that as a company that relies upon software to operate (and has used its software as the market differentiator), its ability to manage the downside impacts of the same technology is critical to its financial future. Currently, however, Telsa’s investors and customers have no way of knowing how well the company is doing in this regard until a breach occurs.
The questions investors should be asking isn’t ‘who was responsible for this attempted hack?’ but how financially damaging would a cyber-related operational disruption be to Tesla and how well prepared is the company to minimize the risk?
A quick look at the impact of recent cyber incidents is a good example why:
|Ex-post event||Economic loss as a % of operating income|
|Cognizant||Est. 9-13% pending earnings|