How one breach triggered a full-scale business collapse
The ransomware attack on Knights of Old, a well-known UK logistics company, was one of the most serious cyber incidents in recent years. The business didn’t just lose data – it shut down completely. The breach, combined with weak security controls and poor recovery planning, made it impossible to bounce back.
The case has become a key example for insurers, clients, and supply chain businesses. It shows how one cyber-attack can expose major gaps in security, insurance cover, and business continuity.
The attack and fallout
In June 2023, Knights of Old (part of KNP Group) was hit by a ransomware attack from the Russian-linked Akira cybercrime gang. The attackers broke in using a reused employee password and locked access to key systems, including transport management and financial platforms. They demanded nearly £5 million in ransom, leaving behind a chilling message: "Your company’s infrastructure is fully or partially dead."
Recovery efforts failed due to lost data and ineffective backups. Operations stalled, cash flow stopped, and the business couldn't meet investor or reporting obligations. By September, Knights of Old entered administration, resulting in over 700 job losses.
The story reached a wider audience through the BBC’s Panorama documentary, Fighting Cyber Criminals, which highlighted the devastating impact on staff and operations.
A litany of systemic control failures
Despite significant IT spend (reported at £100,000 annually), basic cyber hygiene had broken down. Key vulnerabilities included:
- Poor password practices: password reuse left systems exposed. Dark web monitoring could have flagged risks earlier.
- Failure to use encrypted password tools: a simple password manager may have prevented the IT systems breach.
- MFA uncertainty: multifactor authentication may not have been in place; in which case, its absence likely worsened the impact.
- Inadequate backups: the company’s collapse points to insufficient or non-recoverable backups. Without access to company data, restoration was impossible, and insurance could not fully respond.
Why didn’t Cyber Insurance save Knights of Old?
Knights of Old had cyber insurance, reportedly valued at £1 million. While it provided some assistance, it ultimately didn’t save the business. This failure raises important questions:
- Was the cover adequate for their exposure level?
- Did the policy sublimit or exclude ransomware threats?
- Were weak controls flagged during underwriting – and if so, did they drive exclusions?
- Did soft market pricing obscure underwriting rigour, leaving risk underappreciated?
For brokers and insurers, the case highlights the need to:
- Quantify exposure accurately, using modelling tools like CyberCube, a cyber-risk modelling and analytics platform.
- Tailor coverage to the risk landscape, especially where system reliance and operational downtime are critical.
- Strengthen base-level client controls before placement.
Key takeaways
Knights of Old didn’t just experience a cyber-attack, it suffered a full business collapse. The problem wasn’t the breach alone, but the lack of strong security systems, clear planning, and reliable backup processes.
This case sends an urgent warning to all UK businesses that depend on digital systems:
- Build resilience from the ground up: train employees on cybersecurity basics, use secure login methods (like multifactor authentication), and make sure backups are in place and protected.
- Check that your insurance fits the risk: your policy should be based on a realistic view of your exposure, clearly written, and supported by strong cyber controls.
Ultimately, effective cyber protection must be proactive, well-managed, and backed by robust systems and practices and adequate insurance. Without these essential foundations, recovery becomes significantly harder, and business continuity may be put at risk.
