View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 17, 2023

Royal Mail spent £10m on cybersecurity after LockBit ransomware attack

Most of the expense has come from repairing and strengthening its cyber-defences.

By Greg Noone

Royal Mail has spent £10m repairing and strengthening its cyber defences after being breached by ransomware group LockBit earlier this year. The attack also hit Royal Mail’s international revenue, with its overseas delivery service having been out of action for several weeks following the breach.

The impact of the January attack was revealed in interim financial results published by Royal Mail’s parent company IDS. The money spent on remediating the attack contributed towards an annual increase in Royal Mail’s infrastructure costs of 5.6%. It posted a half-year loss of £319m.

Royal Mail cyberattack
Royal Mail has spent some £10 million on shoring up its cybersecurity, according to a recent financial statement from its parent company. (Photo by Asvolas / Shutterstock)

LockBit’s attack left Royal Mail “unable to despatch items to overseas destinations.” The ransomware gang stole 44GB of data, mostly consisting of staff records pertaining to 200 employees. Royal Mail refused to meet the ransom demands of the hackers and instead spent a month bringing its international parcel delivery service back online

Royal Mail was not willing to share details on how it spent £10m to shore up its cyber defences but did confirm its investment in enhanced cyber controls for the prevention, detection, response and recovery from future cyberattacks. “We have an ongoing process to strengthen controls and enhance our cyber resilience to minimise risk and ensure a swift response,” a spokesperson told Tech Monitor, adding that the firm had “prioritised the expansion of in-house and partner cyber team capabilities”.

The specific measures Royal Mail has taken to enhance its cyber-resilience since January are likely to be extensive, says Jake Moore, global cybersecurity advisor at ESET. They “could be as simple as better and more frequent staff training,” says Moore, as well as instituting more robust multi-factor authentication and security updates across the business. Organising regular attack simulations and acquiring “offsite and disconnected backups with a tested restore process is also vitally important and would take a hefty chunk of the money.”

Lockbit’s global crime spree

Meanwhile, LockBit continues to raid other public and private sector organisations around the world. Last week, the group was linked to a major cyberattack against ICBC, forcing the Chinese bank to re-route major transactions through rival financial institutions (LockBit has since claimed ICBC has paid for its data to be returned.) Other alleged victims of the Russian cybercrime cartel include the UK’s Ministry of Defence, Boeing and the software provider Ion Group

“LockBit persistently spreads [its] infection across a network, encrypting all accessible computer systems in its wake and clearly left quite the impression with Royal Mail,” says Moore. “Preventive measures to ensure companies are protected against any ransomware or malicious attacks are vital and no better lesson can be learnt by experiencing this in real life. Unfortunately, Royal Mail learnt the hard way. But no expense can be spared in helping improve measures to help protect systems.”

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Read more: LockBit leaks more Royal Mail data after ransomware attack

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.