Gartner Blog Network


Sony says there was no material financial impact from the hack. Really?

by Richard Hunter  |  January 26, 2015  |  5 Comments

In an announcement titled “Submission of an application for approval of extension of deadline to file the quarterly securities report for the third quarter of the fiscal year ending March 31, 2015” (see the full statement here), Sony Corporation notes that:

“… today that it has filed with the Financial Services Agency of Japan (the “FSA”) an application for approval of the extension of the deadline for Sony to file its quarterly securities report for the third quarter of the fiscal year ending March 31, 2015, pursuant to paragraph 1 of Article 17-15-2 of the Cabinet Office Ordinance on Disclosure of Corporate Information, etc.”

The announcement goes on to detail the reasons for the delay, all of which are the result of the cyberattack on Sony Pictures Entertainment that took place in late 2014:

“In November 2014, Sony Pictures Entertainment Inc. (“SPE”), a consolidated subsidiary of Sony that is reported as the Pictures business segment, identified a cyberattack on SPE’s network and IT infrastructure. As a result of the cyberattack, which has been now recognized as a highly sophisticated and damaging cyberattack, a serious disruption of SPE’s network systems occurred, including the destruction of network hardware and the compromise of a large amount of data on these systems. In response to this cyberattack, SPE shut down its entire network. Since that time, SPE has worked aggressively to restore these systems. However, most of SPE’s financial and accounting applications and many other critical information technology applications will not be functional until early February 2015 due to the amount of destruction and disruption that occurred… However, even with the anticipated restoration of these applications in early February 2015, SPE will not have sufficient time to close its financial statements in time for submission of the quarterly securities report in the middle of February 2015. “

So Sony’s “critical information technology applications will not be functional until early February 2015”–three months after the onset of the attack.  Nevertheless, when we read to the end of the filing, we see this:

“While Sony continues to evaluate the impact of the cyberattack on its financial results, it currently believes that such impact is not material.”

If that statement is correct, there are major implications for enterprises and their IT organizations.  If an 8-billion-dollar-plus corporation with over 5,000 employees in the USA can run for three months with its information systems turned off without producing a material impact on its business, the whole idea of “critical information technology applications” is questionable.

Does IT create value, or not?  That’s the question.  The Sony case will sooner or later provide an answer, or at least an object lesson.

 

 

 

 

 

 

 

 

 

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: it-risk  privacy  value  

Tags: it-risk  it-value  sony-hack  

Richard Hunter
VP Distinguished Analyst
17 years at Gartner
32 years IT industry

Richard Hunter is vice president and Gartner Fellow in Gartner's CIO Research Group – Office of the CIO Research Team, where his recent work has focused on issues of interest to CIOs, including risk and value. ...Read Full Bio


Thoughts on Sony says there was no material financial impact from the hack. Really?


  1. […] udmelding undrer vice president i Gartner, Richard Hunter, sig over i et […]

  2. […] has stated that, apparently, the damages are immaterial (PDF opens). Some critics doubt this and indeed, it seems implausible that you can just go without your financial reporting tools for an […]

  3. […] Sony afirmou que, aparentemente, os danos sofridos são imateriais. Alguns críticos, como Richard Hunter, duvidam disso, e realmente parece pouco provável que a empresa possa prescindir de ferramentas de […]



Leave a Reply

Your email address will not be published. Required fields are marked *

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.