A poor-performing CBH 2-Star rated company at the time of its financially damaging ransomware breach.
Why does cyber governance matter?
ISS World, a Danish workplace experience and facility management company, was hit by a malware attack on February 17, 2020. ISS World publicly reported the attack on February 19, but disclosed neither the severity and type of attack, nor the extent of the damages it caused. ISS World was a poor-performing CBH 2-Star rated company on cyber governance at the time of the breach (trending lower in the 6 months leading up to the breach).
This served as a warning for investors about the increased likelihood of a financially damaging cyber disruption. 6 months post-breach, the share price is −21% relative to peers, and the ransomware’s financial impact led to a 33% drop in annual operating income thus far.
What does the company need to do moving forward?
The reduction in free cash flow, depressed share price and continued need over the coming months to repair damage done by the breach will strain ISS World management’s ability to properly address these underlying weaknesses and put the company on stronger footing. As a percentage of operating income, the costs to repair its systems are significant. The company also has to be careful to ensure the work done does not create new operational vulnerabilities post-implementation. An improved Cyber Governance rating would lower the probability of another damaging ransomware disruption in the future.