Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Computer virus battered Reckitt Benckiser adds to Monday gloom. Can its security fend off future outbreaks?

British businesses have long been guilty of under investment. Reckitt's results highlight the danger of that when it comes to IT 

James Moore
Chief Business Commentator
Monday 24 July 2017 12:24 BST
Comments
Reckitt Benckiser: Consumer products group still trying to clean up after malware attack
Reckitt Benckiser: Consumer products group still trying to clean up after malware attack (Reuters)

Your support helps us to tell the story

This election is still a dead heat, according to most polls. In a fight with such wafer-thin margins, we need reporters on the ground talking to the people Trump and Harris are courting. Your support allows us to keep sending journalists to the story.

The Independent is trusted by 27 million Americans from across the entire political spectrum every month. Unlike many other quality news outlets, we choose not to lock you out of our reporting and analysis with paywalls. But quality journalism must still be paid for.

Help us keep bring these critical stories to light. Your support makes all the difference.

A Monday morning of doom and gloom, and it wasn’t just the weather or the IMF’s downgrade of the UK economy that contributed: Reckitt Benckiser chipped in too.

Double entendres are not unknown to the maker of Durex condoms. There’s a ready made one to describe its latest trading statement: floppy. Revenues excluding currency fluctations grew just 2 per cent, adjusted profits 1 per cent in the first six months of the year.

The consumer products group also counts Vanish, Nurofen and Lemsip among its brands, and it could do with some of the latter to counter the summer cold that’s been hanging around since last month’s cyber attack.

The fallout from the NotPetya virus isn’t the only problem Reckitt is grappling with. Its business in South Korea has cratered after a horrible scandal involving a disinfectant that killed nearly 100 people and caused illness in many more. The results contain a provision of £318m in respect of the demerged drugs business Invidior, which is the subject of an on going investigation by the US Department of Justice. There was last year’s rotten Scholl product launch.

But NotPetya has exacerbated all those existing difficulties, raised questions about the quality of its IT security, and taken the gloss of the good parts of the interim results statement, such as the recent sale of the group’s food business and the faster than expected completion of the £14.2bn buy of baby formula maker Mead Johnson.

“We still have work to do on addressing the full implications of the recent cyber attack,” chief executive Rakesh Kapoor warned.

That attack hit the company on 29 June, starting in Ukraine, and managing to avoid many of the measures designed to prevent its spread, rapidly mucking up systems, and services.

It took just over two weeks for most of Reckitt’s manufacturing sites to get back to something close to full capacity. However, the company admitted that there are “a number of activities which will take until the end of August to complete in full and we continue to face some operational disruption”.

The resultant delays to shipping and invoicing have, in some cases, lost it sales.

NotPetya was named after the Petya ransomwear virus, but whereas the latter was designed to extort money, the former’s intention was purely destructive. As the impact on Reckitt demonstrates, it succeeded in that.

Mr Kapoor says the business is now responding: “RB has significant cyber security measures in place. With attacks becoming ever more sophisticated in nature, we are reviewing what further measures can be implemented to minimise both the likelihood and potential impact of any future attacks.”

You would hope so.

British businesses and multinationals based in Britain have long been guilty of underinvestment, IT included. A report by the Institute for Public Policy Research’s Commission on Economic Justice highlighted the issue again last week, and pointed to one of the possible causes: short-term shareholders with short-term time views.

However, NotPetya and viruses like it, whether seeking to extort money, or just aimed at causing chaos, can hit both short-term and long-term returns.

As such, at the top of the list for any institutional investor when called in for lunch should be, “are you spending enough on your IT and security and if not why not”, regardless of their time horizon.

Reckitt wants us to believe it has woken up to the issue. Only time will tell if that’s true. And even if Reckitt is now sufficiently alive to the danger, it’s by no means clear that others are.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in