Skip to main content
close search
site logo
Dive Brief

Clorox says it incurred $49M in costs from 2023 cyberattack

The breach caused system disruptions that led to order processing delays and “significant product outages,” negatively impacting net sales and earnings.

Published Feb. 6, 2024
Alexei Alexis's headshot
Reporter
Clorox (Justin Sullivan/Getty Images) via Getty Images

Dive Brief:

  • The Clorox Company has incurred $49 million in costs related to an August 2023 cyberattack as of Dec. 31, according to a recent Securities and Exchange Commission filing.

  • The costs primarily relate to third-party consulting services, including information technology recovery and forensics work, as well as “incremental operating expenses” accrued as a result of system disruptions, according to the filing.

  • The company said it expects to incur “lessening costs related to the cyberattack in future periods.”

Dive Insight:

Oakland, California-headquartered Clorox makes household products such as Clorox bleach, Pine-Sol and Fresh Step cat litter. 

The company disclosed last August that it had identified unauthorized activity on some of its IT systems. After becoming aware of the breach, the company took steps such as placing certain systems offline and engaging third-party cybersecurity experts to support investigation and recovery efforts, according to the SEC filing.

Despite these efforts, the incident resulted in “wide-scale disruptions to the Company’s business operations throughout the remainder of the quarter ended September 30, 2023,” the filing said.

The system disruptions triggered order processing delays and “significant product outages,” negatively impacting net sales and earnings, the company said.

The disclosure highlights the escalating costs of cybersecurity breaches and related pressures weighing on the office of the CFO.

The global average cost of a data breach between March 2022 and March 2023 was $4.45 million, a 15% increase over three years and an all-time high, according to IBM. Detection and escalation costs jumped 42% during the same period, representing the highest portion of breach costs, and indicating a shift towards more complex breach probes, the research found.

Meanwhile, businesses are also grappling with heightened regulatory risks associated with cybersecurity.

The SEC last October sued Austin, Texas-based software provider SolarWinds and its chief information security officer, Timothy Brown, for allegedly defrauding investors by mischaracterizing cybersecurity practices that were in place at the company leading up to a major breach discovered in December 2020. The company has denied the charges.

In December, the SEC began enforcing new rules that require public companies to disclose “material” cybersecurity incidents within four days of determining that it is a material breach. The rules, which build on prior agency guidance, substantially raise the stakes for public companies and their executives, including CFOs,  analysts say.

“I think we’ve already seen the SEC kind of turning up the heat on this issue, and the stakes are even higher with a formal rule now in place,” Cara Peterman, a partner in Alston & Bird’s Securities Litigation Group, previously told CFO Dive.

Editors' picks

Company Announcements

View all | Post a press release
Cybrid Responds to Market Demand for Stable, Efficient Cross-Border Payments with Enhanced Sta…
From Cybrid
November 20, 2024
Legion Technologies Partners with Vail Resorts to Expand Workforce Management Across 37 Resort…
From Legion Technologies
November 19, 2024

Want to share a company announcement with your peers?

Get started

Editors' picks
Latest in Financial Reporting
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell