The Tiny Gap That Sank a Business: What Cybersecurity Looks Like When It’s Too Late

In 2023, a transport company older than many countries — 158 years old — was wiped out almost overnight.

In 2023, a transport company older than many countries — 158 years old — was wiped out almost overnight.

It wasn’t a sophisticated state-sponsored hack or an exotic zero-day exploit. It was a weak password. One guessable, unsecured login. And it was likely all the attackers needed.

Once inside, the ransomware gang encrypted everything. Operations ground to a halt. No backup systems. No quick recovery. No coming back.

Over 700 people lost their jobs. A family legacy was destroyed. And worst of all, it may have been avoidable.

It’s Not the Hackers — It’s the people and their Habits

Too often, small businesses believe cybersecurity is a “tech problem.” Buy antivirus. Install firewalls. Done.

But in reality, the most devastating breaches aren’t about tools, they’re about habits.

Habits like:

Reusing the same password across multiple accounts
Forgetting to turn on multi-factor authentication (MFA)
Not checking if backups are working, until it’s too late
Failing to remove access from former staff
Not knowing what tools or platforms are in use (Shadow IT)

These are human decisions, not technical failures. And that means they’re within your control.

The director of that 158-year-old firm later admitted something haunting. He hadn’t told the employee whose password was compromised.

"Would you want to know if it was you?" he asked.

That’s the problem. In many businesses, no one wants to own cybersecurity until disaster forces their hand.

The Cost of Small Gaps

In fact, the story recently resurfaced in a BBC News piece, a chilling reminder that these breaches don't just fade away, they linger in the public memory. The BBC revisited how KNP Logistics, a 158-year-old firm, collapsed after hackers exploited what was likely a weak employee password.

(Source: BBC News – One weak password and 700 people lost their jobs)

This wasn’t just a blip. It was the end.

One moment of weakness exposed years of work, trust, and growth to total collapse. While this case made headlines, there are thousands of similar breaches every year that don’t.

The common theme? It’s rarely one huge mistake. It’s usually a series of small oversights that no one ever got around to fixing.

Beyond the immediate damage, breaches lead to:

Lost clients and contracts
Reputational harm and negative press
Legal and compliance issues
Burnout or stress for owners and staff
Costly downtime and operational disruption
Difficulty regaining trust — internally and externally

And for SMEs, one major incident is often one too many.

Cybercriminals don’t care how passionate you are about your work. They exploit the gaps. And they know most small businesses leave plenty of them.

Quick Risk Check: Are You Vulnerable?

Ask yourself:

Do you know when your backups were last tested?
Is MFA turned on for email, finance, and cloud services?
Could a former employee still access key systems?
Are you reusing passwords?
Would you know what to do if ransomware locked your files?
Does your team know how to report a phishing attempt?
Do you have a simple process for onboarding and offboarding staff?

If you’re unsure, that’s your starting point. Awareness is the first step, but only if it leads to action.

3 Simple Defences Every Small Business Needs

You don’t need to be a cybersecurity expert, but you do need to cover the basics:

1. Strong Password Policy

Avoid reusing passwords
Ban guessable terms like company names or "1234"
Use password managers with minimum complexity settings
Educate staff on the importance of secure credentials

2. Multi-Factor Authentication (MFA)

Enable it on all key platforms: email, cloud apps, finance tools
It’s one of the most effective, low-effort ways to reduce risk
Even if a password is stolen, MFA adds a second layer of defence

3. Tested Backups

Schedule regular offline backup checks and test file restoration
Store at least one copy offline or on a separate system
Practice recovery drills so you know how long it will take
Include backup awareness in your business continuity planning

What About the Basics You Can’t See?

Sometimes the biggest risks are the ones no one is watching:

Outdated policies no one reads or uses
Staff unsure how to report suspicious emails
Tools and accounts that "just work".... until they don’t
Legacy software with unpatched vulnerabilities

Assuming everything’s fine is a false sense of security. A quick health check can flag these gaps before they cost you.

Start asking: who owns this? Who checks it? Who's responsible?

If there’s silence in response, you’ve found your first fix.

From Complacency to Culture

Cybersecurity doesn’t have to be overwhelming. You don’t need jargon, certification, or an IT department to stay protected.

But it does require attention. Because your greatest cyber risk may not be hackers, it could be the overlooked basics.

That’s why we created the Cyber Sorted journey; a practical, guided approach to help small businesses move from vulnerable to resilient.

It starts with Cyber Sorted: Foundations, our free starter pack, and leads into Cyber Sorted: Pro, a deeper, action-based toolkit designed to help you build lasting protection.

Along the way, you’ll get:

A 10-minute Cyber Health Check
5 essential awareness tips
Editable policy templates
A no-fluff glossary and myth-busting guide
Guided steps to strengthen your culture, not just your tools

Built for busy business owners who want clarity, not complexity, and who want cybersecurity to work with their business, not against it.

Take Action Today

🔹 Download the Cyber Sorted: Foundations Pack
🔹 Run the 10-Minute Cyber Health Check

Don’t wait until the breach. Start where you are, with what you have.

One small change today could prevent your own headline tomorrow.