It can be challenging to get businesses to talk about cyberattacks that they incur. But at a Bloomberg event in Davos Wednesday, Martin Sorrell, CEO of UK ad agency WPP, shared key takeaways from an attack on his firm this past June.

The WPP cyberattack occurred several weeks after the WannaCry outbreak. The agency shut down all its systems, and resorted to communicating internally, hour by hour. According to Bloomberg, the cost of the cyberattack ran to about $15 million, with insurance covering $10 million of that. But that was just the start. “There was more cost later. Incremental measures to safeguard against similar attacks are costing the company about $10 million to $15 million in 2018 and beyond,” reports Bloomberg. Sorrell’s main message here: An attack will cost you even when it’s over.

Sorrell’s additional takeaways:

  1. Cybercriminals move fast. Despite implementing software updates, Sorrell believes that patches would not have been able to stop the malware attack.
  2. You can become a target by accident. While it’s unlikely that WPP was the primary target, the company became compromised through software it uses to file tax returns in Ukraine, according to Bloomberg.
  3. Sharing information about hacks is key. Sorrell was surprised to find the lack of resources available to UK law enforcement to go after cybercriminals. Because of that, he is a strong proponent of businesses sharing information with each other, as well as with the authorities.

Read the full story at Bloomberg.