Dive Brief:
- SolarWinds, in its first earnings report since the historic nation-state cyberattack was uncovered by FireEye in December, said it has removed all traces of the SUNBURST malware from its products, but that it may incur some short-term impact during the first quarter.
- The company expects maintenance renewal rates to be in the low to mid-80s during 2021, compared with renewal rates of more than 90% during 2020, when the firm reported more than $1 billion in revenue.
- The company spent about $3.5 million in expenses related to the breach during the fourth quarter and will incur about $20 million to $25 million in additional expenses related to upgrading product security, higher insurance costs, fees and other expenses that are in most cases related to the SolarWinds attack.
Dive Insight:
Analysts and industry executives have been closely watching SolarWinds to see how it handled the fallout from the attack because companies up and down the supply chain are now taking a closer look at vendors they do business with.
SolarWinds CEO Sudhakar Ramakrishna, who took the helm at the beginning of the year, said few companies would have been able to withstand the impact of such a powerful, sophisticated threat actor.
“As I came on board and learned more, it became clear that any company would be hard pressed on its own to withstand this type of dedicated and sophisticated attack by a determined nation state,” he said on the quarterly conference call Thursday. “It also became clear that the scope of the attack was much broader than SolarWinds as news and public disclosures emerged about breaches and compromises of companies unrelated to us.”
Last week, Anne Neuberger, the Biden administration’s point person on the SolarWinds attack, said that nine federal agencies and fewer than 100 companies were compromised by the attack, and SolarWinds executives said their revised assessments line up with those findings.
Because of potential uncertainty, SolarWinds executives declined to give a full-year outlook.
“Doing your due diligence is going to be ever more important when interacting with existing vendors and potentially new vendors,” said Ryan Shersobitoff, vice president, cyber threat research and intelligence at SecurityScorecard. “In the case of the SolarWinds attack it hits the fundamentals of the supply chain.”