WestRock is the most significant ransomware attack thus far in 2021. We downgraded the company to “high risk” 9 months ago.

Why does cyber governance matter?

WestRock’s cyber vulnerabilities appear to be a byproduct of its ‘growth through M&A’ strategy. Companies, including WestRock, like to emphasize the growth opportunities and cost savings benefits of M&A with investors. But it also translates to increased cyber risk. Additionally, aggressive financial engineering limits budget resources for post-breach remediation. The company is likely to have constrained financial resources to fix what will be an expensive problem made more difficult by weak current liquidity.

What should investors look for moving forward?

…Reduction in free cash flow resulting from the current business disruption, likely depressed share price and need over the coming months to repair damage done by the breach will strain WestRock management’s ability to properly address the underlying weaknesses that would put the company on stronger footing for improved management of digital risks. We expect investors to be frustrated with the ongoing costs associated with remediation of their cyber risks. Based on similar companies’ experience, this will not be a quick fix.

Paper and packaging giant WestRock is the most significant ransomware attack in 2021. We downgraded the company to “high risk” 9 months ago. Here are the details behind it.