Skip to content

Search the site

Ransomware attack cost Expeditors $60m in remediation, lost business

Company shrugs off the hit amid tight freight market...

A crippling ransomware attack on freight company Expeditors cost it $40 million in charges on lost shipping opportunities and a further $20 million in investigation, recovery, and remediation expenses.

The figures were revealed in Expeditors' Q1 earnings on May 3.

Expeditors CIO Christopher J. McClincy said in the most detailed public comment yet on the Expeditors ransomware attack that "systems impact related to the cyber-attack limited our ability to arrange shipments or manage customs and distribution activities, or to perform certain accounting functions, for approximately three weeks after the attack" adding that while largely recovered "we continue to navigate residual effects."

Follow The Stack on LinkedIn

The company was rescued from the worst of the attack's consequences by a hugely buoyant freight market and astonishingly managed to grow revenues 46% to $4.7 billion during the quarter, even as its airfreight tonnage volume and ocean container volume decreased 18% and 3%, respectively owing to systems outages at the firm.

"I have never been more proud of our employees’ ability to adapt – nor have I ever been more grateful to our loyal customers, carriers, and service providers for their unprecedented level of support while we worked through this crisis,” said Expeditors CEO Jeffrey S. Musser, adding: "Our core systems are operational, thanks to the around-the-clock efforts of our entire organization. Our people performed magnificently and we are proud of the financial results, especially considering the additional expenses and reduced volumes..."

(Musser, a well-liked leader who started out in field operations and worked his way to the top", is one of those rare CEOs with a CIO background: "His IT knowledge is critical" outgoing CEO Oeter Rose said in 2014.)

expeditors ransomware costs revealed
Expeditors CEO Musser thanked customers, carriers, and service providers for their “unprecedented level of support”

Expeditors ransomware costs revealed

Expeditors recorded $40 million in incremental demurrage charges, where the Company has direct liability for charges payable to a chartered vessel that could not be loaded as a result of its systems being down. It recorded the costs in "customs brokerage and other services" expenses.

The $20 million for remediation after the mid-February 2022 ransomware attack "primarily comprised of various consulting services including cybersecurity experts, outside legal advisors, and other IT professional expenses" the company said, filing this under "other operating expenses."

CEO Musser added: "All of our products suffered as a result of the cyber-attack, particularly during the first three weeks after the attack, as we quickly adjusted to a new and unfamiliar operating environment in which our core systems were taken offline to protect our network. Nevertheless, our Air and Ocean businesses both outperformed strong year-ago results, as rates remained elevated due to ongoing supply chain bottlenecks and capacity constraints, while tonnage and volumes declined principally as a result of the cyber-attack.

"Air freight continues to be impacted by the extreme imbalance between capacity and demand, particularly with exports out of Asia. While the cyber-attack constrained our volumes in air during the quarter, we continued to process shipments and serve our customers, particularly as shippers turned to air in an effort to get around the severe disruptions on the seas. Ocean volumes, in turn, continued to be hampered by port congestion due to labor and equipment shortages, which disrupted sailing schedules and kept rates well above historical norms. None of the issues in the air, on the water, or at the ports have appreciably improved or are likely to in 2022.”

The initial threat vector has yet to be publicly revealed and the incident is, once again, a reminder of the critical improtance of a well-rehearsed incident response plan and robust -- and tested -- disaster recovery tools and capabilities. CFO Bradley S. Powell said: "We believe the bulk of the expenses related to the cyber-attack are now behind us [but] we expect to continue to incur additional expenses related to further system enhancements."

See also: In which we are unkind about the WEF’s Global Cybersecurity Outlook

Latest