Following high-profile cyberattacks on British retailers M&S, Harrods and Co-op earlier this summer, as well as ‘significant incidents’ impacting suppliers to Tesco, Aldi and Sainsbury’s, media attention turned last month to the sad demise of former UKWA member, Knights of Old, which fell victim to a devastating ransomware attack.
Knights of Old, a firm with roots dating back more than 150 years, was founded in the Northamptonshire village of Old, from which it took its name. Its parent company, KNP Logistics Group, went into administration on 25 September 2023, following a catastrophic cyberattack that ultimately brought the business to its knees and led to the loss of around 730 jobs.
The full extent of the breach came to light this summer in an edition of the BBC’s Panorama documentary, Fighting Cyber Criminals. In the programme, a director from KNP Logistics revealed that hackers may have accessed internal systems simply by guessing an employee’s password. Once inside, they encrypted critical data, locked operational systems, and extracted financial information, effectively paralysing the company.
Unable to meet the hackers’ ransom demands – reportedly as high as £5 million – and without a viable route to recovery, the business collapsed.
Tragically, KNP had already made significant investments in IT infrastructure and cybersecurity, but it appears a single weak point – a training gap or human error – was enough to compromise the entire system. It’s a chilling reminder that even well-prepared businesses are vulnerable.
While big retail names attract attention, logistics and warehousing operators face just as much risk, especially given the sector’s heavy reliance on interconnected digital networks. And as we’ve seen, the consequences of a breach can be fatal.
The UK Government is responding with its forthcoming Cyber Security and Resilience Bill, which will include new powers to designate ‘Critical Suppliers’ and bolster supply chain protections across what it defines as Critical National Infrastructure. These high-level interventions are welcome, but businesses themselves can and should take action now to improve their cyber resilience too.
At a UKWA Scotland Roadshow, Jude McCorry from Cyber and Fraud Centre Scotland offered simple, practical advice: stay on top of software updates, train all staff to be cyber-aware, and ensure every business has a recovery plan in place. The basics matter, such as understanding phishing risks, avoiding suspicious links, and having clear reporting protocols.
Meanwhile, at the UKWA National Conference, solicitor Jack Horwitz of Leathes Prior outlined a structured approach to data protection through four key steps. Know your data: identify and classify what you hold; Protect your data: put defences in place; Prevent breaches: monitor and report suspicious activity; and Govern your data: establish policies and processes that guide action.
The collapse of KNP is a sobering case study in how a single cyber-attack can bring down a respected, long-standing business. As our sector continues to grow and depends increasingly on technology, investing in robust cybersecurity measures is essential to mitigate risk and protect both ourselves and our customers. Cyber attackers are getting smarter, so we must stay vigilant by securing our data and our operational resilience.
Clare Bottle
UKWA, CEO
Comments are closed.