ISS Update On The Impact Of Malware Crisis 

• Content
• News
• ISS Update On The Impact Of Malware Crisis 

20 March 2020 | Updated 07 December 2021

In an official company announcement, ISS World has today confirmed that they have regained control of “the vast majority” of their IT infrastructure.

This update comes after contracted staff at Lewisham and Greenwich NHS Trust experienced issues with their pay, with ISS apologising about the “administrative error”.

The statement confirmed that neither the malware attack nor the payroll issue has affected on-site services: “The nature of our business is to deliver services on customer sites, mainly through our people, and as such we have been able to continue our service delivery uninterrupted to the vast majority of customers.”

Today’s press release suggests that ISS expects their business-critical systems to return to normal functioning during Q2 2020. Currently, the company says they have regained control of the “vast majority” of their IT infrastructure and are “systematically relaunching business-critical systems, albeit with somewhat reduced functionalities”. This includes central finance systems supporting payroll and invoicing. 

The process for restoring and rebuilding the system is expected to be completed by the end of 2020

"The nature of our business is to deliver services on customer sites, mainly through our people, and as such we have been able to continue our service delivery uninterrupted to the vast majority of customers. There is still no indication that any customer data or sensitive personal employee data has been compromised as a result of the malware attack."

–ISS Press Release

 

Financial impact

Here is a breakdown of the financial impact of the cybersecurity incident:

• The incremental costs of the incident relate to: remediation of the IT incident, workarounds to enable the delivery of service to customers, duplication of costs associated with operating their contracts, and service underperformance as a consequence of system down-time
• These costs are estimated to be DKK 300-500 million in 2020
• The net incremental capital expenditure related to the rebuild is expected to be DKK 150-300 million in 2020
• The rebuild of the IT infrastructure non-cash write-down is expected to be up to DKK 350 million
• The net incremental capital expenditure related to the rebuild is expected to be DKK 150-300 million in 2020
• The isolated, combined net negative impact on free cash flow related to the IT security incident is estimated to be DKK 450-800 million, with the majority of the impact in the second half of 2020 and some spill over into 2021

To read more about what FM can learn as a sector from the ISS World malware attack, click here

Article written by Ella Tansley | Published 20 March 2020

Share

Related Articles