Imagine that you are working in a logistics company responsible for managing the entire process so that a product arrives from one point to another, like the orders we receive from Amazon. Suddenly, all the necessary systems to keep the business operational stop working due to a cyber attack. What would happen? If the systems do not return to normal, it would only be a matter of time before the company faced severe consequences.
Such a scenario ought to be avoided through robust cybersecurity measures, protocols, and backups. However, let’s be honest—many businesses are not adequately prepared to confront security threats, even when these threats have the potential to devastate or destroy their operations. This seems to have been the case for a British company called KNP, which operated around 500 trucks across several enterprises, including a firm known as Knights of Old.
When Cybersecurity Fails, the Business Can Sink
KNP’s CEO, Paul Abbott, spoke in an interview with the BBC, stating that it is believed a group of cybercriminals managed to infiltrate the systems by guessing the password of one of its employees. This group, calling themselves Akira, employed ransomware to hold KNP’s data hostage. According to a part of the ransom note, “If you are reading this, it means that your company’s internal infrastructure is totally or partially dead …”, curiously omitting a specific ransom amount.
While this might seem unusual, it’s somewhat understandable. Some groups of cybercriminals have established support mechanisms where they can negotiate with their victims. The ultimate goal is often financial gain, which is why ransom amounts are typically substantial enough to incentivize payment while remaining low enough to facilitate the likelihood of the attacked parties agreeing to it.
The exact amount demanded by the cybercriminals has not been disclosed, but it is known that, according to the company, they did not have the funds to make the ransom payment. Reports suggest the hackers potentially requested around 5 million pounds (approximately 5.7 million euros), a figure deemed unmanageable for the company. It remains unclear if KNP continued to negotiate with the attackers, but by the end of 2023, reports indicated their data had been “lost,” ultimately leading the company to declare bankruptcy.

Most employees were laid off (about 730), with only 170 retained from one of the companies, Nelson Distribution, which was sold. This marked a tragic downturn for a firm boasting over 150 years of history.
Upon reading this, many may wonder about the preventive and mitigation measures KNP implemented. According to representatives, the company adhered to industry standards and had insurance against cyber attacks. Unfortunately, none of these measures sufficed. It remains unclear whether KNP faced existing issues before the cyber attack, and whether this incident exacerbated their circumstances.

This incident is not isolated. QUALYSEC reports that 60% of small businesses that experience a cyber attack shutter within six months due to insufficient resources for recovery. A report from Verizon in 2020 highlighted this statistic, emphasizing the financial damage, reputational loss, client distrust, and operational chaos that follow an attack.
In conclusion, as we navigate our hand in a world of increasing cyber threats, the unfolding situation with KNP underscores the critical importance of not only planning for cybersecurity but also regularly testing and updating these protocols. Each business, regardless of size, must prioritize the safeguarding of its assets and data. Only then can they hope to mitigate the potentially devastating impact of a cyber attack.
