Capita plans £100 million in cost cuts as it continues to grapple with 2023 cyber attack

Capita has announced plans to significantly reduce costs in the year ahead after incurring sizable losses in the wake of a damaging 2023 cyber attack. 

Financial reports from the outsourcing firm show a net loss of $135.6 million (£106.6m) in 2023. Initial estimates published by Capita in the wake of the incident suggested it expected to incur losses of up to $25 million. However, its latest earnings report outlined a revised figure in the $32 million range.

A breakdown of expected costs in May last year showed the firm planned to spend millions on specialist professional services, recovery and remediation, and investments aimed at reinforcing its cyber security capabilities.

In the year ahead, Capita chief executive Adolfo Hernandez said the firm now needs to cut costs by over $127 million as part of an efficiency drive.

“We need to deliver a rapid reduction in our cost base and are on track to deliver the net £60m ($76.4m) annualized cost savings, from Q1 2024 as announced in November,” he said in a statement.

“Today we are announcing further material efficiency improvements of £100m to improve our competitive position.”

Hernandez did not specify where the cuts would be made, but the outsourcing giant has already implemented cost reduction measures in the last year. In November 2023, Capita revealed plans to shed 900 staff in a bid to reduce expenditure.

Capita feeling the pinch of rising data breach costs

Capita’s revised losses highlight the heightened financial pressures placed on firms in the wake of a security breach. 

Research shows that data breach costs have the potential to quickly spiral out of control as victims scramble to remediate damage and introduce more robust security measures.

Analysis from ExtraHop in August 2023, for example, found that data breach victims typically face a net income drop of up to 73% within the first year of a data breach disclosure.

Loss of customer confidence was also highlighted as a key danger in the wake of a data breach, further compounding financial difficulties due to lost custom.

Similar research from IBM last year showed that UK businesses pay an average of £3.4 million in overall costs following an incident.

What happened in the Capita cyber attack?

Capita first revealed it had experienced a “cyber incident” in March 2023. Initially, the company insisted there was “no evidence” that customer data had been compromised. 

The company later issued an update following a preliminary investigation, however. In Mid-April, Capita revised its initial claims, revealing that company servers had been compromised and that it had found “some evidence of limited data exfiltration”.

Data impacted in the breach included customer, supplier, and colleague data, along with client pension information.

Capita’s response to the incident was criticized by industry stakeholders amid accusations that it failed to adequately inform affected customers.

The firm’s sporadic communication with affected clients bore similarities to a security breach at LastPass in late 2022 where the password security provider failed to outline the true extent of an incident to customers.