WPP’s CEO Provides Insights from His Advertising Firm’s Cyber Attack

By and | January 24, 2018

Top executives rarely spill the beans in public when their companies are hacked. WPP Plc’s Chief Executive Officer Martin Sorrell, at a Bloomberg event Wednesday in Davos, provided extensive insight into the cyber attack targeting the London-based advertising company in June. Here’s what he learned:

Isolate your Achilles heel

WPP shut down all its systems when it was hacked and communicated internally on an hourly basis, Sorrell said. While WPP had been integrating its systems and bringing them closer together, that created more vulnerability in the event of an attack. WPP has had to look at which systems should be kept separate, and is now constantly trying to identify the most vulnerable parts of the company, the CEO said.

An attack will cost you even after it’s over

While the attack cost WPP about $15 million in 2017, it was insured up to about $10 million of that. However, there was more cost later. Incremental measures to safeguard against similar attacks are costing the company about $10 million to $15 million in 2018 and beyond, Sorrell said.

Cyber criminals move fast

Several weeks before WPP has hacked, a WannaCry ransomware attack infected more than 300,000 computers across 150 countries. Microsoft Corp. and others responded quickly by providing software updates, including to WPP, but to no avail, Sorrell said. “Those patches couldn’t stop the malware attack that we had in June.”

You can become a target by accident

It looks like WPP wasn’t specifically targeted. “It is suggested now this was a Russian nation state attack on Ukraine,” to disrupt the country, Sorrell said, adding that his company became compromised through software it uses to file tax returns in Ukraine.

Sharing information about hacks is key

Sorrell said he had difficulties getting information from the U.K. government in the aftermath of the attack and was surprised how little resources law enforcement authorities have to stop cyber criminals. “While it was hair-raising and a terrible experience, we learnt a lot from it,” he said. Companies and authorities should share information as “it’s an existential risk for all of us.”

Topics Cyber

Was this article valuable?

Here are more articles you may enjoy.