Capita has announced plans to significantly reduce costs in the coming year after incurring considerable losses following a damaging cyberattack in 2023.
The outsourcing company's financial reports show a net loss of $135.6m (£106.6m) in 2023. Initial estimates released by Capita in the wake of the incident suggested it expected to incur losses of up to $25. millions of dollars. However, its latest earnings report outlined a revised figure in the range of $32 million.
A breakdown of expected costs in May last year showed the company planned to spend millions on specialized professional services, recovery and remediation, and investments aimed at bolstering its cybersecurity capabilities.
In the coming year, Cápita CEO Adolfo Hernández said the company now needs to cut costs by more than $127 million as part of an efficiency drive.
“We need to achieve a rapid reduction in our cost base and are on track to achieve annualized net cost savings of £60 million ($76.4 million), starting in the first quarter of 2024, as announced in November.” he said in a statement.
“Today we are announcing £100m worth of further material efficiency improvements to improve our competitive position.”
Hernández did not specify where the cuts would be made, but the outsourcing giant has already implemented cost-cutting measures in the last year. In November 2023, Capita revealed plans to lay off 900 employees in a bid to reduce spending.
Capita feels the impact of rising data breach costs
Capita's revised losses highlight the increased financial pressures placed on businesses in the wake of a security breach.
Research shows that the costs of data breaches have the potential to quickly spiral out of control as victims struggle to remedy the damage and introduce stronger security measures.
An analysis by ExtraHop in August 2023, for example, found that victims of a data breach typically face a drop in net income of up to 73% during the first year after a data breach is disclosed.
Loss of customer trust was also highlighted as a key danger following a data breach, further compounding financial difficulties due to customer loss.
Similar research from IBM last year showed that UK businesses pay an average of £3.4 million in total costs following an incident.
What happened in the cyber attack on Capita?
Capita first revealed that it had experienced a “cyber incident” in March 2023. The company initially insisted there was “no evidence” that customer data had been compromised.
However, the company later issued an update following a preliminary investigation. In mid-April, Capita revised its initial claims and revealed that the company's servers had been compromised and that it had found “some evidence of limited data breach.”
The data affected by the breach included customer, supplier and colleague data, along with customer pension information.
Capita's response to the incident was criticized by industry stakeholders amid accusations that it failed to adequately inform affected customers.
The company's sporadic communication with affected customers bore similarities to a security breach at LastPass in late 2022, where the password security provider did not describe to customers the true scope of the incident.