Industrial pump maker Weir Group is reeling following a sophisticated cyberattack in the second half of September that forced it to isolate and shut down its core IT systems, including enterprise resource planning (ERP) and engineering applications.
The result is several ongoing but temporary disruptions, including engineering, manufacturing and shipment rephasing, which has resulted in revenue deferrals and overhead under-recoveries.
To reflect this incident, Weir is updating full-year guidance. The operating profit impact of Q4 revenue slippage is expected to be between £10 and £20 million ($13.6 to $27 million) for the 12 months, while the impact of overhead under-recoveries is expected to be between £10 million and £15 million.
Earlier in 2021, the company also guided that it expected a full-year operating profit headwind of £11 million based on February exchange rates.
The minerals division is expected to carry the brunt of the impact due to its engineering and supply chain complexity relative to the energy services business unit. The direct costs of the cyber incident are expected to amount to £5 million.
“Our forensic investigation of the incident is continuing, and so far, there is no evidence that any personal or other sensitive data has been exfiltrated or encrypted,” Weir said in a media statement.
“We are continuing to liaise with regulators and relevant intelligence services. Weir confirms that neither it nor anyone associated with Weir has been in contact with the persons responsible for the cyber-attack.”
Weir said it had brought forward its third-quarter financial report because of the cybersecurity incident.
The minerals division delivered order growth of 30%, with original equipment up 71%.
An exceptionally active market underpinned OE growth for small brownfield and integrated solutions rather than any specific large projects.
Weir says the division also continued to make market share gains with its energy and water-saving high pressure grinding rolls (HPGR) technology, reflecting increased demand for more sustainable mining solutions.
Demand for its mill circuit product range was also strong, as customers increased maintenance and replacement activity. Aftermarket demand was said to also remain strong, with orders up 16% year-on-year despite ongoing restrictions on on-site access, travel and customers’ logistics as miners continued to focus on maximizing ore production.
According to EY, cyber threats are evolving and escalating at an alarming rate for mining, metals, and other asset-intensive industries. EY said understanding the current cyber risk landscape and the threats new technologies bring is critical for planning reliable and resilient operations.
Skybox Security also recently released its annual Mid-Year Vulnerability and Threat Trends Report, offering new threat intelligence research on the frequency and scope of global malicious activity.
Key findings include OT vulnerabilities up 46%; exploits in the wild increased by 30%; network device vulnerabilities grew by nearly 20%; ransomware was up 20% versus the first half of 2020; cryptojacking more than doubled; and the cumulative number of vulnerabilities grew three times in the past 10 years.