The Cost of Ignoring Computer Security

TSMC (Taiwan Semiconductor Manufacturing Co.) got hit by a variant of WannaCry (again?) that stopped their manufacturing dead. Taiwan Semiconductor faces revenue hit after computer virus closes factories.

So they installed a new set of tools or updated software on some existing tools (it isn’t quite clear). In the process they infected their internal network with a variant of WannaCry. Manufacturing ground to a halt. That was on Friday. By Sunday they were apparently back in business.

This article says 3% of revenue. Steve Gibson, on Security Now, listed the cost as $256 million. (Links are to video and show-notes respectively.)

However you slice it, that is a large amount of money. TSMC promises that procedures will get better, to avoid a replay.

So will this encourage people to take security a little more seriously? Somehow I doubt it. Maersk Lines lost a similar amount of money and it didn’t change anything. And the European subsidiary of FedEx ditto. UK’s NHS was hit. Other medical facilities. Now this.