top of page

Analysis of SEC Cyber Disclosures

This analysis was prepared by Jacob Richards and includes disclosure from January 1, 2024 to May 1, 2024.

Opening Remarks

From January 1st to May 1st, we analyzed 19 cyber disclosures. 4 out of the 19 cyber disclosures had a disclosure date that was prior to the 2024 year. Most of the disclosures lacked specific details that could be used to inform X-Analytics, such incident severity (including record volume and duration), incident costs (including direct, indirect, and opportunity costs), and other relevant details.

Key Findings & Analysis

United Healthcare: In February 2024, this massive healthcare and well-being company suffered a newsworthy ransomware attack. The attack directly impacted Optum Insight

  1. Associated business disruption: United Healthcare reported that this incident caused $279m of business disruption within Optum Insight.

  2. Associated direct response: United Healthcare reported direct reponse costs of $230m for United Healthcare, $138m for Optum Health, and $225m for Optum Insight. Direct response total was $593m.

  3. Total cost: Combining the business disruption and direct response costs, the total cost is $872m.

  4. Perspective: Even with the cyber attack costs, Optum Insight had an adjusted operating margin of 15.9%, which was still the best adjusted operating margin when compared to all other business units.

  5. Perspective: The cost of this cyber incident is 0.9% of annual revenue.

  6. Perspective: Despite the cyber attack, United Healthcare returned $4.8b to shareholders in the first quarter through dividends and share repurchases.

LoanDepot: In Jan 2024, this nonbank holding and lending company, suffered a large data breach

Fidelity National Financial (FNF): In Nov 2023, this title insurance and settlement services provider suffered a large data breach.

Closing Comments

These are only a few of the cyber incidents that happened this quarter, it is somewhat difficult to gauge the severity (and/or materiality) of cyber incidents. We want to provide a factual look at these events so the reader can create their own opinions regarding these matters.




bottom of page