Demant A/S: Estimated financial impact of IT incident reflected in outlook

smörum, DENMARK

Company announcement no 2019-1126 September 2019

Estimated financial impact of IT incident reflected in outlook

As previously communicated in Company announcements on 3, 4 and 17 September, the Demant Group experienced a critical incident on our internal IT infrastructure on 3 September 2019. The Group’s IT infrastructure was hit by cyber-crime. Our quick response to the issue by shutting down IT systems across multiple sites and business units contained and limited the issue, but key business processes throughout the value chain were nevertheless impacted by the incident, including R&D, production and distribution. Also thanks to our quick response, data back-up was overall intact. This has enabled us to recover in a structured and efficient way while further improving security in the Group’s IT infrastructure.

Since the Company announcement issued on 17 September, we have continued to recover and reactivate systems, applications and servers across regions and business areas, and we are now operational in a substantial number of our sites and business areas. In line with previous communications, we expect to have the remaining business-critical systems, applications and servers recovered within the next two or three weeks. Our distribution facilities continue to run at full capacity, while our production lines in Poland as well as production in Mexico are quickly approaching full capacity. We continue ramping up to accommodate the back-log built up since the incident, to rebuild necessary inventories across the supply chain and to reduce turnaround times of repair and custom-made hearing aids. We are still in the recovery and ramp-up phase at our amplifier production site in Denmark and at our cochlear implants production site in France.

We have now been able to assess the financial impact of the incident on the full year 2019, even though our assessment remains uncertain at this time in the recovery process. Our current preliminary assessment indicates a total negative financial impact on EBIT in 2019 in the range of DKK 550-650 million, which includes the deduction of an expected insurance coverage of approx. DKK 100 million. This impact is predominately related to the estimated lost sales and weakening of growth momentum. Included in the financial impact, we expect to incur costs of DKK 50 million directly related to the incident.

Approximately half of the estimated lost sales relates to our hearing aid wholesale business. The incident has prevented us from executing our ambitious growth activities in some of the most important months of the year – particularly in the US, which is our biggest market. Despite our efforts to operate the business in the best possible way, our immediate focus on supporting existing customers to prevent them from being impacted by the incident has impacted sales and will likely impact our organic growth rate throughout the rest of the year.

A little less than half of the estimated lost sales relates to our retail business where a significant number of clinics have been unable to service end-users in a regular fashion. We estimate that our retail business will see the biggest impact in Australia, the US and Canada followed by the UK. We have already seen most of the estimated total impact, except in Australia and the UK where we are still in a ramp-up mode. The vast majority of our clinics are now fully operational, however, due to the effect of the incident on our ability to generate new appointments during September, we expect some lost sales in the next one or two months, which is also included in the current estimate.

Our remaining business activities, Hearing Implants, Diagnostics and Personal Communication, have also been impacted by the incident, but with a relatively smaller overall Group impact due to the nature and size of these businesses.

As a consequence of the IT infrastructure incident, we update our outlook for reported operating profit (EBIT) for 2019 to DKK 2,000-2,300 million (from previously DKK 2,650-2,850 million). Our assessment of the financial impact remains uncertain and is based on the recovery process continuing according to plans. At this point in time, we cannot estimate the impact on other key figures such as organic growth rates, cash flow, gearing ratios etc. We expect to be able to communicate the impact on these key figures in connection with the interim management statement, which will be published on 7 November according to our financial calendar. As of today, we have temporarily suspended our share buy-back. We have bought back shares worth DKK 580 million in 2019.

“The cyber-crime has had a significant impact on our ability to generate the growth we expected for the second half-year, and even though our commercial operations are doing their utmost to make up for the impact of the incident, we are in a situation where we cannot execute on our ambitious commercial growth activities to the planned extent. We are working around the clock to return to our growth-oriented business focus, while minimising the impact on customers and users of our products. We are grateful for the patience and loyalty shown, and the Demant organisation will continue to approach the incident with extreme dedication until we are completely recovered and have re-established what was severely disrupted by the incident,” says Søren Nielsen, President & CEO of Demant.

Demant will host a conference call on 26 September 2019 at 13:00 CET. To attend this call, please use one of the following dial-ins: +45 3544 5577 (DK), +44 3333 000 804 (UK) or +1 6319 131 422 (US). The pin code is 92154123#. A presentation for the call will be uploaded to shortly before the call.

* * * * * * *

Further information:
Søren Nielsen, President & CEO
Phone +45 3917 7300
Other contacts:
René Schneider, CFO
Søren B. Andersson, VP Investor Relations & Corporate Strategy
Mathias Holten Møller, Investor Relations Officer
Trine Kromann-Mikkelsen, VP Corporate Communication and Relations



2019-11 Estimated financial impact of IT infrastructure incident