News
Southern Water Spent £4.5M on Cyberattack Response, Financial Report Reveals
United Kingdom’s Southern Water has disclosed that it spent £4.5 million ($5.7M) responding to a cyberattack in February 2024, a financial hit equal to its annual pollution management costs. The attack, attributed to the Black Basta ransomware gang, did not disrupt operations but resulted in stolen data, legal expenses, and cybersecurity reinforcements.
A Costly Breach Without Operational Damage
Southern Water, which serves 2.7 million water customers and handles wastewater services for 4.7 million people, confirmed that hackers infiltrated its IT systems. The company maintains an extensive network, delivering 570 million liters of water daily through nearly 14,000 km of pipelines and managing 1.5 billion liters of wastewater via its 40,000 km sewer system.
A year before this incident, Southern Water had already faced a security breach but assured that it did not impact financial systems or customer services. This time, however, the attack resulted in stolen data and a hefty price tag.
“We have incurred £4.5 million in responding to this exceptional incident during the year,” the company stated in its financial report.
The February 2024 breach led the company to hire external cybersecurity experts and legal advisors, alongside notifying affected customers. Despite the breach, there was no disruption to water supply or wastewater services.
Black Basta: A Dangerous Cyber Threat
The Black Basta ransomware group, known for targeting critical infrastructure, claimed responsibility for the attack. This group typically steals data before encrypting systems, using extortion tactics to demand payment from victims.
One intriguing aspect of this case is the leaked internal chat logs from Black Basta’s operations. These logs suggested that Southern Water initially offered to pay £750,000 ($950,000) on February 12, 2024, significantly lower than the attackers’ original demand of $3.5 million.
By the end of February, Southern Water’s name disappeared from Black Basta’s extortion site, raising speculation about whether a private deal had been struck. However, when asked directly, the company neither confirmed nor denied any ransom payment.
Breakdown of Southern Water’s Cyberattack Costs
The £4.5 million cost is significant, particularly when compared to other expenditures in the company’s annual budget.
| Cost Category | Amount (£ millions) |
|---|---|
| Cyberattack Response | 4.5 |
| Pollution Management | 4.5 |
| Customer Assistance Funds | 3.8 |
| Infrastructure Upgrades | 12.3 |
Beyond these immediate expenses, additional hidden costs could emerge, including:
- Legal and regulatory scrutiny – Authorities may demand further investigations.
- Reputational impact – Customers might lose confidence in Southern Water’s security measures.
- Future cybersecurity investments – The company is likely to spend more to prevent similar attacks.
Cybersecurity Measures and Dark Web Monitoring
Southern Water has since bolstered its cybersecurity strategy. The company claims to have hired security firms to monitor the dark web, ensuring that stolen data has not resurfaced. So far, no further leaks have been detected.
While ransomware attacks on critical utilities are increasing, UK law does not prohibit firms from making ransom payments. However, government agencies strongly discourage them, as payments fund cybercriminal networks and encourage further attacks.
One lingering question remains: Did Southern Water pay the ransom? With no clear answer from the company, speculation continues. What’s undeniable, however, is that cybersecurity threats to essential infrastructure are becoming an expensive and persistent challenge.
