Capita cyber attack could cost firm up to $25 million in fees

Capita logo appearing a smartphone
(Image credit: Getty Images)

Capita has revealed it expects to incur up to $25 million in costs in the wake of a recent cyber attack which disrupted operations at the outsourcing firm. 

In a statement today, Capita provided an update on its response to the attack which occurred last month. 

The firm said it expects to incur “exceptional costs” of between $18.9 million and $25 million associated with the cyber incident

A breakdown of these costs showed the money will be spent on fees for specialist professional services, recovery and remediation costs, and “investment to reinforce Capita’s cyber security environment”.

Capita also confirmed that it has taken “further steps to ensure the integrity, safety, and security of its IT infrastructure”. 

An investigation has so far revealed that compromised data from less than 0.1% of its overall server estate had been affected during the incident. 

Capita previously estimated that around 4% of the company’s servers were affected by the breach back in April.

“Capita understands now, based on its own forensic work and that of its third-party providers, that some data was exfiltrated from less than 0.1% of its server estate,” the firm said in a statement. 

“Capita has taken extensive steps to recover and secure the customer, supplier and colleague data contained within the impacted server estate, and to remediate any issues arising from the incident.”

Capita’s data breach: Counting the cost 

The costs incurred by Capita in the wake of the recent cyber attack are significant, and highlight the growing financial risk to organizations that experience a security incident. 

Research from the Ponemon Institute and IBM Security last year found that the average cost of a data breach reached an all-time high of $4.35 million. 

The study noted that this figure represented a 2.6% increase from the year previous, when the average cost of a breach stood at $4.24 million. 

Long-term, the costs of remediation and recovery for Capita could be significant, according to Brad Freeman, director of technology at SenseOn. 

Speaking to ITPro, Freeman said the organization faces a two-pronged challenge in terms of bolstering security and assuring customers that its systems are secure. 

Capita provides IT outsourcing services to a number of high-profile organizations spanning both the public and private sectors, including the UK’s Ministry of Defence. 

“Capita's network and systems will need to be assured that they are clean which may involve rebuilding key systems. As an active attacker is likely to have been on the network, this remediation could involve investigating and rebuilding potentially hundreds of systems,” he said. 

“The technical and organizational complexity of Capita compounds the problem, likely making investigation, remediation, and restoration a slow and expensive process. I wouldn't be surprised if total remediation costs exceed the currently projected figures.”

Ross Kelly
News and Analysis Editor

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.

He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.

For news pitches, you can contact Ross at ross.kelly@futurenet.com, or on Twitter and LinkedIn.