demant ransomware attack

Demant Estimates Losses Related to Cyber Attack Possibly as High as $95M

As previously reported, the Demant Group, parent company to the Oticon, Sonic and Bernafon hearing aid brands, experienced a critical incident on its internal IT infrastructure on September 3, 2019. The Group’s IT infrastructure was hit by cyber-crime.

According to the latest press release update, the company state that it’s “quick response to the issue by shutting down IT systems across multiple sites and business units contained and limited the issue, but key business processes throughout the value chain were nevertheless impacted by the incident, including R&D, production and distribution. Also thanks to our quick response, data back-up was overall intact. This has enabled us to recover in a structured and efficient way while further improving security in the Group’s IT infrastructure.”

In line with previous communications, the company says it expects to have “the remaining business-critical systems, applications and servers recovered” within approximately the next two or three weeks.

“Our distribution facilities continue to run at full capacity, while our production lines in Poland as well as production in Mexico are quickly approaching full capacity. We continue ramping up to accommodate the back-log built up since the incident, to rebuild necessary inventories across the supply chain and to reduce turnaround times of repair and custom-made hearing aids. We are still in the recovery and ramp-up phase at our amplifier production site in Denmark and at our cochlear implants production site in France.”


Significant Financial Impact


The company says that it has now been able to assess the financial impact of the incident on the full year for 2019, “even though our assessment remains uncertain at this time in the recovery process”.

“Our current preliminary assessment indicates a total negative financial impact on EBIT in 2019 in the range of DKK 550-650 million ($80-$95M USD), which includes the deduction of an expected insurance coverage of approx. DKK 100 million (~$15M USD). This impact is predominately related to the estimated lost sales and weakening of growth momentum. Included in the financial impact, we expect to incur costs of DKK 50 million (~$7M USD) directly related to the incident.”

Approximately half of the estimated lost sales relates are said to be related to the hearing aid wholesale business. The incident prevented the company from executing on activities during one of the most important times of year, especially in the US market, which is the largest market for the company.

A little less than half of the estimated lost sales relates to the company’s retail business where a significant number of clinics have been unable to service end-users in a regular fashion.

The company said that “our retail business will see the biggest impact in Australia, the US and Canada followed by the UK. We have already seen most of the estimated total impact, except in Australia and the UK where we are still in a ramp-up mode. The vast majority of our clinics are now fully operational, however, due to the effect of the incident on our ability to generate new appointments during September, we expect some lost sales in the next one or two months, which is also included in the current estimate”.

Other business activities, Hearing Implants, Diagnostics and Personal Communication, have also been impacted by the incident, but with a relatively smaller overall Group impact due to the nature and size of those businesses.

According to Catalin Cimpanu, discussing the matter for the technology publication, Zero Day:

“This marks one of the most significant losses caused by a cyber-security incident outside of the NotPetya ransomware outbreak — known to have incurred companies like shipping giant Maersk and courier service FedEx losses of over $300 million, each.”


Updated Outlook for 2019


As a consequence of the IT infrastructure incident, has updated its outlook for reported operating profit (EBIT) for 2019 to DKK 2,000-2,300 million (from previously DKK 2,650-2,850 million; approximately $388M-$417M USD).

“Our assessment of the financial impact remains uncertain and is based on the recovery process continuing according to plans. At this point in time, we cannot estimate the impact on other key figures such as organic growth rates, cash flow, gearing ratios etc. We expect to be able to communicate the impact on these key figures in connection with the interim management statement, which will be published on 7 November according to our financial calendar.”

The company also announced that it has temporarily suspended its share buy-back. In 2019, the company has bought back shares worth DKK 580 million ($85M USD).

“The cyber-crime has had a significant impact on our ability to generate the growth we expected for the second half-year, and even though our commercial operations are doing their utmost to make up for the impact of the incident, we are in a situation where we cannot execute on our ambitious commercial growth activities to the planned extent. We are working around the clock to return to our growth-oriented business focus, while minimising the impact on customers and users of our products. We are grateful for the patience and loyalty shown, and the Demant organisation will continue to approach the incident with extreme dedication until we are completely recovered and have re-established what was severely disrupted by the incident”

Søren Nielsen, President & CEO of Demant