Marine industry giant Brunswick Corporation lost $85 million in cyberattack, CEO confirms

A cybersecurity incident will cost the Brunswick Corporation as much as $85 million, the company’s CEO told investors last week.

The billion-dollar boating manufacturing firm announced a cyberattack on June 13 that impacted their systems and some of their facilities. The company brought in nearly $6 billion in revenue in 2021 and operates in 24 countries.

Brunswick officials did not confirm that the incident was a ransomware attack but said they were forced to stop operations in some locations while experts and law enforcement dealt with the incident.

During the company’s earnings call last week, CEO Dave Foulkes told investors and board members that the attack had a devastating effect on the company’s Q2 financial outlook.

Foulkes explained that the “IT security incident” caused “second quarter financial results that were lower than initial expectations.” After announcing the incident, it took the company nine days to get back up and running — critical time lost for a manufacturing company of Brunswick’s size.

“The disruption associated with the IT security incident was the most significant in our Propulsion and Engine Parts & Accessories segments. And because of the proximity to the end of the quarter, there was limited opportunity to recover fully within the same period,” he said.

“We have the opportunity to recover some lost production and distribution across our businesses, which will partially offset lost days in the second quarter. However, lost production days on high horsepower outboard engines will be challenging to recover because the production schedule was already full for the balance of the year.”

He estimated the attack would trim between $60 and $70 million for the full year after hitting revenue in the second quarter by as much as $85 million.

Chief Financial Officer Ryan Gwillim said the cyberattack had a major impact on Navico, a marine electronics company Brunswick acquired in 2021.

The majority of the financial losses outside of the propulsion and engine parts segments came from the downtime at Navico, which Gwillim said amounted to about $13 million.

No hacking group or ransomware gang has taken credit for the attack on Brunswick. Law enforcement agencies are one of Brunswick’s biggest customer bases but the company also provides engines and smaller boats for commercial use.

The cyberattack is part of a larger trend of hackers and ransomware groups targeting manufacturing companies.

Cybersecurity firm Dragos said that of the 253 ransomware incidents it tracked in the second quarter of 2023, 177 of them involved companies in manufacturing.