A year ago, we learnt that our IT systems had been breached in a cyber-attack.

There was no time to waste with our response. To protect our customers, we had to act fast – but at the same time, with great care. It was a challenging time, and as I reflect on it with the benefit of a year’s hindsight, I am proud of how we handled the situation, largely thanks to our team and trusted partners. Throughout the initial fallout, and the 12 months that have since passed, we have been able to keep calm, keep moving and, most importantly, keep our customers front-of-mind.

Read the full story from our CEO, Nadeem, of what happened, how we dealt with it and what we’ve learnt over the last year.

Call it intuition, but when my phone rang on my bedside table at 3am this time last year, I highly suspected it wasn’t someone calling to tell me that everything was fine and our systems were running normally.

Our data centre operators in India had noticed an issue with our servers. It was not a technical error but instead showed all the concerning signs of a cyber-attack. By the time I was woken with that call, the incident was already moving quickly.

Immediately, the scenario we had planned for – but hoped we’d never have to work through – began. This was the first and perhaps most important thing we learned following the incident: our preparation work was vital, and it paid off when we needed it to. No business should ever think ‘it will never happen to us.’ Instead, they need to adopt the mindset of ‘when’, not ‘if’.

As part of our plan, servers were shut down to stop the spread of the malware, but data on hundreds of servers had already been accessed and encrypted by the attackers. They changed our administrative passwords, which complicated access, and targeted all our systems at HQ, and our data centres. This caused an outage of our customers’ tracking services, disrupting their associated service deliveries.

We knew from monitoring cyber-attacks on other businesses that incidents of this nature were tough to power through. Service interruptions and breaches could potentially continue for some time to come, as the attackers had demanded a ransom payment.

The incident had immediate repercussions for our customers, including large supermarket chains, logistics providers whose vehicles criss-cross the country every single day, and even medical and humanitarian systems. We could not slow down the action we were taking to contain the breach; keeping customer disruption to a minimum was always at the front of our minds and we had to make sure that the same customers knew what was happening.

This is where our next lesson learnt came into its own: frequent and clear customer communications are essential when a business is hit by an issue that impacts service delivery. We would never expect to work in any other way.

Planning for all outcomes is critical when it comes to cybersecurity.

We had valid cyber insurance, not because we thought our systems were vulnerable to attack, but because we knew that cybercriminals stop at nothing to breach the most secure of systems.

Statistics bear this out. Beaming.co.uk suggest that there were more than 750,000 malicious attempts to breach systems on average in the UK alone – per day – in 2024. The lesson here is clear: not having a comprehensive cyber insurance policy would be extremely naïve.

While this was the first instance when we had cause to use our policy, the alternative of not having it in place is unthinkable. Our insurance partners recommended working with specialist cybersecurity advisors who can monitor systems for additional threats while the recovery operation is in progress. Thankfully, we’d done our preparation and had strong support immediately available.

Our incident response plan saw us contact customers and insurance companies first, followed by regulatory bodies in the countries around the world where we operate.

We had to be careful with how we communicated to all these stakeholders, as well as what we told the press. Despite our commitment to clarity, we did not want to give the perpetrators any clues to our incident response.

We took a zero-tolerance approach to engaging with the criminals who had breached our systems.

The incident impacted approximately 80% of our customers, including those who were running critical services. Internally, we reorganised our shifts so that fixing the incident became a 24/7 operation that included multiple meetings of our senior leadership team every day.

Thanks to our dedicated, all-hands-on-deck response, just ten days later, the majority of our systems had been recovered.

I am proud of how we dealt with our incident in the tail end of 2024 and how we have developed a very visible resilience following it.

We did not lose any customers, and for the first half of 2025, our customer churn sat at an incredible 0.5%. Our customers had our back; they trusted us.

Despite the pride in our response, I am determined that we should not rest on our laurels. The degree of inevitability of cyber incidents means we do not think we have had ‘our turn’ and that something like this will never happen again.

Take it from me and a company which knows. Our top three tips to companies going through similar attacks would be:

• Don’t engage directly with attackers and instead appoint an expert with specialist knowledge of aims and intentions.
• Form a detailed plan of response but expect a real cyber-incident journey to contain unforeseen twists and turns.
• After your incident has been declared as over, increase your security and improve your security position to include additional monitoring.

No company in the world can claim to be totally ready and braced for every eventuality of a cyber incident. But there are steps that can be taken to contain and mitigate the impact, as we did.

From experience, I know customers will thank businesses for a highly dedicated and proactive approach to a cyber-attack. For me and my team at Microlise, we will keep repaying that faith shown to us with our world-leading products and support.

– Best Regards,
Nadeem