I recently ran a survey to understand how prepared organisations are for ransomware, and the results were sobering:
- 17% said they were 100% confident they could deal with ransomware if it struck tomorrow.
- 67% admitted they weren’t sure how they’d cope, suggesting uncertainty in plans or testing.
- 17% confessed they had no plan at all, leaving themselves exposed to disaster.
That spread is concerning, because attackers only need a single weak point to cripple a business.
The divide between confidence and uncertainty highlights just how uneven preparedness really is across different sectors.
Real‑world Examples
Ransomware isn’t an abstract threat — it’s striking both household names and long‑established companies:
- Marks & Spencer and Co‑op both recently hit headlines after ransomware‑related disruption. These are huge organisations with deep resources, yet still found themselves vulnerable.
- Then there’s KNP Logistics, a 158‑year‑old UK firm with a proud history. Here’s the chilling ransom note they received:
“If you’re reading this, it means the internal infrastructure of your company is fully or partially dead… Let’s keep all the tears and resentment to ourselves and try to build a constructive dialogue.”
One weak password was all it took. From there, the dominoes fell quickly:
- Systems were locked and encrypted.
- Hackers demanded £5 million for the decryption key.
- Even with cyber insurance, recovery was impossible.
- Over 700 jobs were lost almost overnight.
A business was wiped out completely, along with the livelihoods of hundreds of families, ending a legacy that had survived wars and recessions. All undone by a single point of failure. Sobering.
Takeaway: Could It Happen to You?
Ransomware isn’t just an IT issue. It’s a business survival problem, a boardroom responsibility, and a reputational risk.
To prepare properly, ask yourself some uncomfortable questions:
- Do we have tested backups, stored separately so attackers can’t encrypt them too?
- Do we know exactly what to do in the first hour of an attack, and who leads the response?
- Could we keep the business running, even partially, without our core systems?
- Who is responsible for contacting regulators, customers, suppliers, and staff under pressure?
- When was the last time we practised any of this in real time?
If you can’t answer these with confidence, you’re not alone. But as the KNP case shows, the cost of being unprepared can be catastrophic…
Your Actions This Month
Choose one area and make it stronger. Don’t try to fix everything at once — focus on small wins that build resilience:
- Review your backup process and confirm it actually works by restoring a file or two.
- Run a tabletop ransomware drill with your team. Even a brief session can expose blind spots.
- Double‑check password and MFA policies. Are admin accounts properly secured? Are old accounts disabled?
- Review your cyber insurance policy and see what it really covers. Would it help you rebuild, or just soften the financial blow?
Small steps today mean fewer regrets tomorrow.
Ransomware incidents often begin with the simplest mistakes: a rushed click on a suspicious link, an unpatched laptop left unattended, or a shared password unchanged for years.
Taking time now to rehearse your response and check the basics (who holds admin rights, whether critical data is genuinely backed up off‑site, and how you’d communicate with staff and customers in a crisis) makes a huge difference.
Even a half‑hour exercise can surface gaps that would otherwise remain hidden until it’s too late.
What exactly is ransomware, and how does it work?
Ransomware is malicious software that encrypts your files or systems, making them unusable until a ransom is paid. Attackers typically gain access through weak passwords, phishing emails, or unpatched software. Once inside, they move quickly to spread across your network and lock down critical data.
Does cyber insurance cover ransomware attacks?
Cyber insurance can help, but it’s not a magic shield. Policies vary widely – some exclude ransom payments, others limit cover if security basics (like patching or multi-factor authentication) weren’t in place. KNP Logistics had insurance, but it still couldn’t save them. The lesson: insurance should be a backstop, not Plan A.
How much do ransomware gangs usually demand?
Demands can range from a few thousand pounds targeting small businesses, to tens of millions for larger organisations. In the UK, ransoms in the £1–5 million range are increasingly common. But the bigger cost isn’t always the ransom itself – it’s the downtime, lost customers, regulatory fines, and reputational damage.
Should we ever pay the ransom?
Law enforcement agencies (including the NCSC and FBI) advise against paying. There’s no guarantee you’ll get your data back, and you may simply mark yourself as a repeat target. The focus should be on prevention, strong backups, and a tested recovery plan.
What are three quick wins we can take right now?
- Backups: Keep offline or immutable backups and test them regularly.
- Multi-Factor Authentication: Enforce MFA on all critical systems and admin accounts.
- Training & Drills: Run phishing awareness training and a short “what if ransomware hit tomorrow?” exercise with your team.
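The "restore a file or two" check from the actions list and the backup-testing quick win above, as an added example that is not from the original article: it assumes the backup is a tar archive and that the backup job also records a manifest of "sha256  relative/path" lines at backup time (both constructed here), restores into a scratch directory and only reports success when every listed file comes back with a matching hash.

```shell
#!/bin/sh
# Added example, not from the original article: a minimal restore test
# for a tar backup. Assumes the backup job also records a manifest of
# "sha256  relative/path" lines at backup time (constructed below).
# Returns 0 only when every manifest entry restores with a matching hash.
restore_test() {
  archive=$1
  manifest=$2
  scratch=$(mktemp -d) || return 1
  # Restore into a scratch directory, never over live data
  if ! tar -xf "$archive" -C "$scratch"; then
    rm -rf "$scratch"
    return 1
  fi
  # sha256sum -c verifies each listed file against its recorded hash;
  # a missing or altered file makes it exit non-zero
  if ( cd "$scratch" && sha256sum -c --quiet - ) < "$manifest"; then
    status=0
  else
    status=1
  fi
  rm -rf "$scratch"
  return $status
}

# Build constructed sample data so the check runs offline
make_demo() {
  demo=$(mktemp -d)
  mkdir "$demo/data"
  printf 'customer ledger\n' > "$demo/data/ledger.txt"
  printf 'payroll run 42\n' > "$demo/data/payroll.txt"
  ( cd "$demo" && sha256sum data/ledger.txt data/payroll.txt > manifest.txt \
      && tar -cf backup.tar data )
  echo "$demo"
}

demo=$(make_demo)
# Case 1: healthy backup restores and every hash matches
restore_test "$demo/backup.tar" "$demo/manifest.txt" && echo "restore OK"
# Case 2: a file created after the backup is in the manifest but not in
# the archive, so the restore test fails, as it should
printf 'not in the archive\n' > "$demo/data/orders.txt"
( cd "$demo" && sha256sum data/orders.txt >> manifest.txt )
restore_test "$demo/backup.tar" "$demo/manifest.txt" || echo "restore FAILED: missing or changed file"
rm -rf "$demo"
```

Run it against a real archive and manifest with `restore_test backup.tar manifest.txt`; a non-zero exit is the signal that the backup would not have saved you.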