Panic, pressure and disbelief: the emotional impact of a ransomware breach

On Monday 3 June 2024, a ransomware attack on a little-known pathology service provider set in motion a disastrous chain of events. Soon, the primary care services in south-east London were reeling, with critical test results unavailable. Within days, an urgent call went out for blood donors. The breach forced two NHS trusts in the capital to cancel over 10,000 acute outpatient appointments and more than 1,700 elective procedures.

This is an extreme example of the potential damage a ransomware attack can cause. But the likelihood of a similar incident happening to your organisation is growing. That’s why it makes sense to understand and prepare for the emotional toll it will take.

In the crosshairs

Ransomware is on the rise. The UK’s government and utilities sectors were hit by more attacks last year than in all previous years combined, according to reports to the Information Commissioner’s Office (ICO). But the truth is that the threat is not confined to these verticals, or even to critical infrastructure (CNI) sectors. Research reveals that in Q2 2024, professional services (19%), consumer services (9%) and retail (7%) were impacted almost as badly as financial services (14%) and healthcare (14%).
Nor is it a risk primarily for large enterprises. The same study shows that two-fifths of ransomware victims in the period were organisations of under 100 employees. A further third (31%) had 101-1000 employees.
“While much of the media attention tends to focus on large companies that create major waves of secondary disruption when they get impacted, ransomware still remains a small to mid-market business problem by the numbers,” it notes.

As long as there are hostile states prepared to shelter, or even sponsor, attacks, and victim organisations continue to pay, ransomware will be a significant threat to mid-market UK businesses. So what can you expect when confronted with the worst-case scenario?

When disaster strikes

No two attacks are the same, but there is some commonality we can point to. Expect some or all of the following:

0-12 hours post-attack: Business owners may be paralysed with the fear of losing critical data like highly regulated customer and employee information and sensitive IP—possibly forever. They’ll also be panicked over potential system disruption and outages that stem either from the ransomware itself or the forced shutdown of servers to prevent its spread.

12–24 hours post-attack: Anxiety will build about the pace of recovery, how much data is actually recoverable and how quickly operations can resume. Frustration may set in as answers to many of these questions won’t be immediately forthcoming due to the technical complexity of incident response. Pressure will come from all sides: customers, employees and other stakeholders, making clear and consistent communication essential.

1–3 days post-attack: Business owners will experience further stress as the full scale of the attack becomes clear. Concerns over lost revenue, operational downtime, damage to brand reputation and regulatory scrutiny will abound. A sense of helplessness may emerge if senior managers lose trust in the systems they thought were secure.

3 days onward: Senior leaders will work with technical teams on a full recovery roadmap, which may reassure them progress is being made while reminding of the long road ahead. However, lingering doubts over the possibility of a future attack and concerns over security posture will keep the stress levels elevated for some time.
In the second of this two-part blog series, we’ll take a look at what your organisation can do to minimise the impact of a breach.

Is your business vulnerable to a devastating cyber attack? Don’t wait for hackers to find out. QuoStar’s cyber security experts will assess your defenses, identify critical weaknesses, and build an ironclad shield around your vital systems and data.