Advertisment

The High Cost of Cyber Insecurity: Johnson Controls' $27M Lesson

The ransomware attack on Johnson Controls in September 2023 underscores the high cost of cyber insecurity, with the company incurring a $27m loss, far exceeding the average cost of a data breach.

author-image
Safak Costu
New Update
The High Cost of Cyber Insecurity: Johnson Controls' $27M Lesson

On a chilling day in September 2023, technology giant Johnson Controls fell victim to a ransomware attack that left its financial records bleeding red. The cyber onslaught, orchestrated by the nefarious Dark Angels threat group, cost the multi-industrial leader a staggering $27 million, a figure projected to climb in the aftermath of the breach.

Advertisment

The Cost of Cybersecurity Negligence

The hefty price tag associated with this attack was not born out of the initial $51 million ransom demanded by the Dark Angels. Rather, the significant financial burden stemmed from the company's subsequent response and remediation efforts, coupled with expected insurance recoveries. The revelation, encapsulated in a quarterly report filed with the SEC, underscores the latent financial implications of cybersecurity breaches and the importance of proactive defense strategies.

A Wake-Up Call for Corporate Cybersecurity

Advertisment

Darren Williams, CEO and Founder of cybersecurity firm BlackFog, seized the opportunity to shed light on this critical issue. He emphasized that the costs incurred by Johnson Controls eclipse the average cost of a data breach, currently standing at $4.54 million. The incident served as a stark reminder that the real expense of a cyber attack often extends far beyond the immediate financial demands of cybercriminals.

Prevention: The Best Cure

Williams further highlighted the potential long-term costs, including those tied to the potential repercussions of exfiltrated data. He urged companies to adopt a preventive approach to cybersecurity, contending that it is far more effective than scrambling to mitigate the consequences of an attack. The situation at Johnson Controls emphatically echoes this sentiment, demonstrating that it is not enough for companies to wait for a breach to occur before taking action.

This incident stands as a cautionary tale for other corporations, a stark reminder of the grave consequences of underestimating the importance of robust and proactive cybersecurity measures. As the dust settles, the enduring effects of this cyber assault on Johnson Controls will serve as a sobering testament to the true cost of cyber insecurity.

Advertisment
Advertisment