I was recently fortunate enough to hear Paul Abbott, the former Director of Knights of Old, discuss the insider perspective of the Knights of Old cyber-attack.
In mid-2023, Knights of Old, a 158-year-old UK logistics firm, was forced to cease operations after a devastating ransomware attack. Despite significant investment in IT infrastructure, certifications, and disaster recovery planning, the company was unable to recover. Consequently, over 700 employees lost their jobs.
This case serves as a stark reminder that cyber resilience is not solely an IT concern. It is a strategic risk that must be addressed at board level.
What Happened
On 26 June 2023, the Akira ransomware group infiltrated the company’s systems using stolen credentials, reportedly obtained through weak password practices. Once inside, they encrypted critical systems, including logistics coordination and financial reporting tools.
Although the company held cyber insurance and invested over £100,000 annually in IT, the attack rendered essential financial data unusable. This prevented the business from invoicing, securing funding, or meeting lender obligations. By September 2023, the company had collapsed.
What Was Done Well
Knights of Old had implemented several best practices:
Despite these measures, the business was unable to continue operating.
Where It Went Wrong
Cyber Risk Was Not a Boardroom Priority
Although technical controls were in place, cyber risk was not regularly discussed at board level. The business remained focused on operational delivery, rather than digital resilience.
Disaster Recovery Is Not the Same as Business Continuity
The company had a DR plan, but lacked a comprehensive Business Continuity Plan (BCP). As a result, critical functions such as invoicing and cash flow management could not continue during the outage.
A False Sense of Security
Certifications and insurance created a perception of preparedness. However, true resilience requires executive engagement, scenario planning, and alignment between technology and business operations.
Strategic Lessons for Business Leaders
Make Cyber Risk a Standing Board Agenda Item
Boards should regularly review cyber threats, resilience strategies, and incident response capabilities.
Ensure Business Continuity Planning Goes Beyond IT
A Business Continuity Plan must address how the business will continue to operate during a disruption, including financial operations, customer communication, and supply chain continuity.
Test the Whole Business, Not Just the IT Team
Conduct cross-functional simulations involving finance, operations, and leadership. Ask the question: if systems failed today, how would we continue to operate?
Do Not Rely Solely on Insurance or Compliance
These are important, but they do not replace the need for real-time response capability and executive ownership of cyber risk.
Final Thought
The collapse of Knights of Old was not due to a lack of investment in IT. It was the result of a disconnect between technology, leadership, and operational continuity. In today’s environment, every business is a digital business. Cyber resilience is not optional. It is essential for survival.