It’s the kind of story that keeps IT professionals awake at night.
A 158-year-old UK logistics company, KNP Logistics Group, shut down in June, with 700 staff made redundant overnight (*).
The cause? A cyberattack that began with a single weak password.
The ransomware crippled their systems, and recovery costs were too high. Within weeks, the business folded.
Generations of business, gone. Not because of market conditions. Not because of poor leadership.
Because someone used a guessable password — and nobody spotted it in time.
What went wrong?
- No MFA: The hacked account didn’t use multi-factor authentication. That one step could have stopped the attack.
- Flat network design: Once inside, attackers moved quickly across internal systems.
- Outdated backup protocols: Their backups weren’t enough to recover fast — or cost-effectively.
- Limited cyber insurance cover: As is often the case, it didn’t stretch to full recovery costs or ransom payments.
This isn’t just a ‘big business’ problem
Small and medium-sized businesses are hit just as often — and recover less easily.
60% of SMEs go out of business within 6 months of a major cyberattack.
(source: National Cyber Security Alliance)
Why? Because:
- They don’t have in-house IT or cyber experts.
- They haven’t reviewed their security for years.
- They think antivirus = security.
- They believe “it won’t happen to us.”
What we can learn from this
1. Weak passwords are still the entry point: Cybercriminals use automated tools that crack simple passwords in seconds. The attack shows that even legacy businesses aren’t immune. The more legacy systems you rely on, the more doors they’ll try. It only takes one to open.
2. MFA and backups are a must, not a maybe: Beyond strong passwords, you must enforce multi-factor authentication and maintain immutable backups. MFA stops most breaches cold. No exceptions, no excuses. It’s basic resilience.
3. Insuring without auditing is dangerous: Many cyber-insurance claims fail due to poor security hygiene. Cyber‑insurance often requires pen‑testing and vulnerability scanning. Complying with standards isn’t just bureaucratic. Insurers now require proof: audits, patching, MFA, backups. Compliance isn’t a hoop to jump through — it’s your lifeline when things go wrong.
The real cost of doing nothing
Think about what a major ransomware attack could do to your business:
- Data loss: Financials, customer info, contracts — encrypted or deleted.
- Downtime: No email, no phones, no systems — for days or weeks.
- Lost trust: Clients may never return. Reputation damage lingers.
- Financial chaos: You may still owe VAT, staff salaries, suppliers — with no income coming in.
- No backups, no business: If your systems aren’t recoverable, you’re starting from scratch.
It’s not about IF you’ll be targeted. It’s whether you’ll survive it.
How do you stay protected?
You don’t need a full-time IT department to be safe. But you do need the right basic IT security setup.
Here’s where to start:
✅ Use unique, strong passwords for all accounts — no reuse across platforms
✅ Enforce multi-factor authentication (MFA) — especially for email, payroll, and admin access
✅ Audit who has access to what — remove old accounts, especially for ex-staff
✅ Backup your systems daily — off-site, encrypted, and tested
✅ Patch and update — out-of-date software is a goldmine for hackers
✅ Get a vulnerability scan or cyber health check — it could save you thousands
Final word
KNP’s story is a tragic reminder of how quickly it can all fall apart.
All it takes is one gap. One missed update. One poor password. And suddenly, the business you’ve built is in the hands of criminals.
Need a jargon-free check on your setup? That’s exactly what we do — no hard sell, just plain advice from someone local who cares about keeping your business running. Get in touch for a chat or a quick cyber readiness check.