
Can businesses ever recover from a significant cyberattack?
A major cyberattack can send shockwaves through a business, causing severe financial, operational, and reputational damage. While some companies have managed to claw their way back, others may never fully recover. But in a world where cyber threats are a matter of "when, not if," can businesses truly bounce back from a devastating breach?
The long road back from the breach
History has shown that recovering from a cyberattack isn’t just about fixing vulnerabilities – it’s about rebuilding trust, restoring operations, and often, surviving legal battles. Take SolarWinds, for example. The company suffered a catastrophic cyberattack in 2019, which was only disclosed in December 2020. The fallout was immense. In November 2022, SolarWinds agreed to pay $26 million to settle a shareholder lawsuit alleging it misled investors about its cybersecurity practices before the breach. Fast forward to 2024, and the company is still dealing with SEC scrutiny over the incident. The saga continues, highlighting just how difficult recovery can be.
Similarly, Travelex, the foreign exchange giant, was brought to its knees by a ransomware attack in December 2019. The attack crippled its systems for weeks, leading to a loss of customer trust and significant financial strain. By August 2020, the company entered administration, shedding 1,300 jobs in the process. CEO Richard Wazacz later admitted that Travelex’s shareholders were looking to distance themselves, further proving that in some cases, a full recovery just isn’t possible.
When the harm hits beyond the bottom line
Outside of financial and reputational damage, cyberattacks can have a catastrophic impact on public health. This was laid bare in an example from the UK in June 2024 where several London hospitals declared a critical incident following a ransomware attack on the pathology testing firm, Synnovis. The attack meant affected hospitals couldn’t match patients’ blood at the same frequency as usual. Stolen data, of which at least part was published online, included patient names, dates of birth, NHS numbers and descriptions of blood tests. In the latest update on the Synnovis website on 18th December 2024, it said: “The first phase of our restoration plan was prioritised by clinical criticality and is now complete. Our service users now have access to almost all of our services that were available prior to the cyberattack. This is a significant milestone and the culmination of a relentless five-month process.”
According to a report from Digital Health, at least two patients have suffered long-term or permanent damage to their health as a result of the cyberattack. There were also at least 11 cases of moderate harm, and more than 120 cases of low harm, although experts believe it’s “the tip of the iceberg”.
Investigations of this nature are highly complex and will no doubt continue for years, and the impact on Synnovis, the NHS and, not least, the people, will reverberate.
When recovery is out of reach
While some businesses limp on post-breach, others don’t survive at all.
Code Spaces was a cloud-hosted source code management provider that suffered a devastating attack in 2014. Hackers gained access to its Amazon Web Services (AWS) control panel and deleted nearly all its data and backups. With no way to recover, the company was forced to shut down within days.
MyBizHomepage, a once-promising financial data startup, faced a cyberattack in 2008 that wiped out critical company data. Despite efforts to regain footing, the damage was irreversible, and the business collapsed soon after.
Ubiquiti Networks suffered a $46 million loss due to a business email compromise attack in 2015. While the company survived, the attack significantly impacted investor confidence and served as a cautionary tale for others.
How it hurts investment potential
For investors, cybersecurity is no longer a post-deal consideration – it’s a deal-breaker. Ed Bartlett, CEO at Hicomply, explains: “Cyber resilience isn’t a ‘nice-to-have’ anymore; it needs to sit alongside solid financials, strong leadership, and a promising market position. Investors wouldn’t touch a business with poor financial controls, so why is cybersecurity treated differently? The risks are just as significant, if not more so.”
Cyberattacks don’t just disrupt operations, they can permanently alter a company’s growth and profitability trajectory. Investors now view cybersecurity as a fundamental part of due diligence, knowing that a weak security posture can turn a once-promising venture into a financial liability. As a result, we are seeing due diligence go well beyond access control or penetration testing of systems; there is now a focus on real-time cyber posture, with investors looking for a KPI or a cyber security score in much the same way cyber insurers look at this risk.
Prevention over cure
Recovering from a cyberattack is possible, but it’s never guaranteed. The businesses that stand the best chance of survival are those that prioritise cybersecurity from the outset, embedding resilience into their operations rather than treating it as an afterthought. As the stakes grow higher, organisations must ask themselves: can they afford to gamble with their future?
In an era where cyber threats are both a given and relentless, the best defence isn’t just having a recovery plan – it’s ensuring you never have to use it.