The attack, identified as a ransomware breach orchestrated by the notorious Black Basta group, wreaked havoc on the company’s financial health, resulting in direct costs of £25.3 million ($32 million).
Initially estimating the incident’s impact at £20 million, Capita’s revised figures underscore the extensive repercussions of the attack.
The company’s annual report for 2023, released on Wednesday, revealed that the remaining losses stemmed from various factors, including substantial expenses related to business exits and goodwill impairment.
The aftermath of the cyber incident has been severe, with Capita’s share price plummeting by more than 54% since the attack, highlighting the profound ramifications on investor confidence.
On Wednesday, Capita saw a sharp decline in its market capitalisation, plunging by 20% in morning trading, eliciting dismay among shareholders.
The cyberattack has also inflicted considerable damage to Capita’s customer relations, as reflected in a decline in its net promoter score from +25 to +16.
Particularly affected was Capita’s pensions administration business, amplifying concerns about data security in sensitive sectors.
In response to the financial setback, Capita’s newly appointed CEO, Adolfo Hernandez, has announced stringent cost-cutting measures aimed at salvaging the company’s financial health.
“Our 2023 financial results have demonstrated some progress. However, we have yet to deliver the operational excellence that will enable us to create the right platform for future growth or achieve our full potential for the benefit of shareholders,” Hernandez said.
“Looking forward, we will focus on precision in execution, co-creating solutions with clients and accelerating the use of technology and leveraging our technology partnerships to drive improvement in our operating and financial performance.”
Hernandez outlined plans to slash an additional £100 million in costs by mid-2025, emphasising the imperative of operational efficiency and technological innovation to bolster Capita’s competitive edge and facilitate future growth. However, the specifics of these cost-saving initiatives remain undisclosed, prompting speculation about potential layoffs and restructuring efforts.
The company’s recent history underscores its proactive approach to cost reduction, exemplified by the elimination of around 900 jobs and the consolidation of property leases in the preceding year.
Amidst the financial challenges, questions arise regarding the extent of data compromise and the potential ramifications for stakeholders.
Although Capita initially reassured stakeholders that no evidence of data compromise existed, subsequent investigations revealed that data was indeed exfiltrated from a fraction of its server estate.
The lack of specific details regarding the volume of stolen data and the affected individuals raises concerns about transparency and accountability.
Capita’s data breaches have also triggered regulatory scrutiny, with data protection regulator the Information Commissioner’s Office receiving numerous reports from affected organisations.
In May last year, a separate breach exposed files containing details on local council benefit payments.
With potential fines looming under British data protection laws, Capita faces immense pressure to rectify security vulnerabilities and uphold its data protection obligations.
After disclosure of the May data breach, the company pledged to bolster its investment in cybersecurity measures and extended offers of a year-long subscription to monitoring services for affected clients.
Wanda Parisien is a computing expert who navigates the vast landscape of hardware and software. With a focus on computer technology, software development, and industry trends, Wanda delivers informative content, tutorials, and analyses to keep readers updated on the latest in the world of computing.
