Demant, one of the world's largest manufacturers of hearing aids, expects to incur losses of up to $95 million following what appears to be a ransomware infection that hit the company at the start of the month.

This marks one of the most significant losses caused by a cyber-security incident outside of the NotPetya ransomware outbreak -- known to have incurred companies like shipping giant Maersk and courier service FedEx losses of over $300 million, each.

Demant's losses also outweigh the damage caused by a ransomware incident at aluminum producer Norsk Hydro, initially estimated at $40 million, but which is now expected to reach $70 million.

Demant security incident

Demant's troubles began at the start of the month, on September 3, when in a short statement on its website, the company said it was shutting down its entire internal IT infrastructure following what it initially described as "a critical incident."

What really happened on the company's network, we'll never know, as Demant never revealed anything except that its "IT infrastructure was hit by cyber-crime."

Reports in Danish media[1, 2] pegged the incident as a ransomware attack, and it sure did look like one from the outside.

Per its own statements, all the company's infrastructure was impacted -- and impacted severely.

This included the company's ERP system, production and distribution facilities in Poland, production and service sites in Mexico, cochlear implants production sites in France, amplifier production site in Denmark, and its entire Asia-Pacific network.

Companies usually recover after data breaches within days; however, Demant took weeks, is still recovering assets today, and expects to take two more weeks to recover in full. This pattern of destruction that takes months to recover from is usually encountered during ransomware infections only.

Incident has long-lasting effects on Demant's business

But while the company's staff have been recovering IT infrastructure, the biggest losses came from the impact of not having access to these systems in the first place.

The company reported "delays in the supply of products as well as an impact on our ability to receive orders."

Furthermore, "in our hearing aid retail business, many clinics across our network have not been able to service end-users in a regular fashion."

These business upheavals have been a disaster for the company's bottom line. In a message to its investors, Demant said it expects to lose somewhere between $80 million and $95 million.

The sum would have been higher, but the company expects to cash in a $14.6 million cyber insurance policy.

Most of the losses have come from lost sales and the company not being able to fulfill orders. The actual cost of recovering and rebuilding its IT infrastructure were only around $7.3 million, a small sum compared to the grand total.

"Approximately half of the estimated lost sales relates to our hearing aid wholesale business. The incident has prevented us from executing our ambitious growth activities in some of the most important months of the year - particularly in the US, which is our biggest market," Demant said in a press release last week.

"A little less than half of the estimated lost sales relates to our retail business where a significant number of clinics have been unable to service end-users in a regular fashion. We estimate that our retail business will see the biggest impact in Australia, the US and Canada followed by the UK. The vast majority of our clinics are now fully operational, however, due to the effect of the incident on our ability to generate new appointments during September, we expect some lost sales in the next one or two months, which is also included in the current estimate.

"Our remaining business activities, Hearing Implants, Diagnostics and Personal Communication, have also been impacted by the incident, but with a relatively smaller overall Group impact due to the nature and size of these businesses," it added.

The company expects the incident to have a long-lasting effect on its bottom line, proving again why businesses can't ignore their cyber-security posture anymore.

Demant is not the only major company to suffer a major cyber-security infection in the past year. Past incidents mostly include ransomware incidents, such as those at defence contractor Rheinmetall, airplane parts manufacturer Asco, aluminum provider Norsk Hydro, cyber-security firm Verint, the UK Police Federation, utility vehicles manufacturer Aebi Schmidt, Arizona Beverages, engineering firm Altran, the Cleveland international airport, and chemicals producers Hexion and Momentive.