Intel Corp shares fell nearly 2 percent Thursday as investors worried about the potential financial liability and reputational hit from recently disclosed security flaws in its widely used microprocessors.
The largest chipmaker had confirmed Wednesday that flaws reported by researchers could allow hackers to steal sensitive information from computers, phones and other devices. Apple Inc, Microsoft Corp and other software makers have issued patches to protect against the vulnerabilities.
Intel may be on the hook for costs stemming from lawsuits claiming that the patches would slow computers and effectively force consumers to buy new hardware, and big customers will likely seek compensation from Intel for any software or hardware fixes they make, security experts said.
"The potential liability is big for Intel," said Eric Johnson, dean of Vanderbilt University's Owen Graduate School of Management. "Everybody will be scrambling over the next few days to figure out just how big it is."
Intel has said that the patches for the bugs would slow its chips down somewhat but that most users will not notice.
Amazon Web Services (AWS), the largest seller of cloud computing services, said in a statement it does not "expect meaningful performance impact for most customer workloads."
Microsoft and Alphabet Inc's Google both said in statements on their websites that they expect few performance problems for most of their cloud computing customers.
Financial repercussions
But the incident is likely to spur cloud companies to press Intel for lower prices on chips in future talks, said Kim Forrest, senior equity research analyst at Fort Pitt Capital Group in Pittsburgh, which owns shares in Intel.
"What [Intel's cloud customers] are going to say is, 'You wronged us, we hate you, but if we can get a discount, we'll still buy from you,'" Forrest said.
Forrest also expects Intel will have to increase its chip development spending to focus on security.
Government agencies and security experts said they knew of no cyberattacks that had exploited the vulnerabilities.
Financial services firms were studying information on the vulnerabilities to determine how to best respond, said the Financial Services Information Sharing and Analysis Center, a global industry group known as FS-ISAC that shares data on cyberthreats.
Banks and other firms are trying to understand what it will cost to respond to the issue, FS-ISAC said in an emailed statement.
"In addition to the security considerations raised by this design flaw, performance degradation is expected, which could require more processing power for affected systems to compensate and maintain current baseline performance," FS-ISAC said. "There will need to be consideration and balance between fixing the potential security threat vs. the performance and other possible impact to systems."
Lawsuit filed
Lawyers filed a lawsuit in San Jose, California, federal court on Wednesday that sought class-action status and compensation for people who had bought vulnerable Intel chips or computers that came with them already installed.
Intel did not immediately respond to a request for comment on Thursday about the lawsuit.
While more lawsuits are expected, Intel's biggest customers are likely to quietly seek compensation for any harm caused by the vulnerabilities, including costs to patch machines or replace microprocessors, Johnson said.
Legal experts said that consumers would have to prove concrete damages and harm to proceed with claims.
Intel shares fell 1.8 percent, following a 3.4 percent decline Wednesday.
Shares in rival Advanced Micro Devices Inc climbed 4.9 percent as investors speculated the No. 2 maker of microprocessors would woo customers away from Intel.
Still, researchers had said some of AMD's chips had one of the two vulnerabilities disclosed on Wednesday, as do processors from ARM Holdings.