Ninety-five years in business. Survived the Great Depression, a World War, deregulation, a global pandemic, and recessions that swallowed companies whole.

Then one night, criminals found an open door. They didn’t kick it in. They slipped in quietly, the way criminals always do, and they stayed. Watching. Mapping. Studying exactly how the operation ran and exactly how much it would cost to bring it to its knees. For months, nobody knew they were there.

Then they dropped the payload. By morning, every computer had the same message:

“Your files have been stolen and encrypted. All you need to do is pay.”

No incident response plan. No tested backups. No defined ownership of risk at the leadership level. When the crisis hit, no one knew what to do or who was in charge. We worked around the clock for weeks that turned into months. We got critical systems back up. But the damage — layered on top of existing financial pressure — became too much.

Sadly, they closed their doors permanently. Ninety-five years. Gone.

And here is the part I can’t stop thinking about: they thought they were protected enough.


The Most Expensive Gap in Business Has Nothing to Do With Technology

The ransom note is never where the story starts. The attack happened months earlier. Sometimes over a year earlier. A convincing email that looked like it came from a trusted vendor. A contractor with credentials nobody revoked. An alert firing into a folder nobody was monitoring. Criminals walked quietly through an open door, and nobody knew until the bill arrived.

The gap that destroys companies is not the gap in their firewall. It’s the gap between what leaders believe about their security and what they can actually prove. That gap looks like confidence. It feels like preparedness. It sounds like “we’ve got it covered.”

Until the morning systems go down.

The ransom note is not the attack. It’s the bill. The attack happened months ago.


What Full Recovery Actually Requires

A different company gets hit with a ransomware attack through a business email compromise — the same entry point criminals use constantly. By every measure, this should have been catastrophic. Here’s where the story changes.

Months earlier, this company had made a decision. Independent audit completed. Vulnerabilities identified and closed. Ownership defined at the leadership level. Incident response plan documented and practiced. Backups tested under real conditions, not just assumed to exist.

When the attack hit, it was detected immediately. Systems were contained. Forensics was engaged. After a five-day investigation to confirm the environment was clean, restoration began. Eighteen hours. Data restored to within fifteen minutes of the attempted attack.

Zero encryption. Zero data loss. Zero ransom paid. Still in business and thriving today.

That’s not luck. That’s what happens when a leader stops asking “are we protected” and starts asking “can we prove it.”


The Five Disciplines That Separate Those Two Outcomes

The difference between those two companies is not budget, industry, or the sophistication of the attack. It’s discipline. Practiced before the pressure was real.

I built a framework around five disciplines. I call it Proof to Profit. Every company I’ve seen recover fast — with minimal damage and zero ransom paid — had those disciplines in place before the crisis hit. Not after. Before.

The framework is something I walk leaders through in detail when we work together, and it’s the foundation of the keynote I deliver to executive teams. But the principle behind it is simple enough to say here:

Real protection isn’t assumed. It’s validated. It’s practiced. And it’s owned at the top.

If your security has never been tested by someone outside your organization, it has never truly been tested.


Five Questions Every Leader Needs to Answer

Not for your IT team. For you.

  1. Who owns cybersecurity at your company right now — and do they have the authority and resources to act?
  2. When was your last independent audit, by someone with no conflict of interest in the outcome?
  3. When did you last practice your incident response plan under simulated pressure?
  4. Who has active credentials in your systems — and when were those credentials last reviewed?
  5. When did you last restore from your backups under real conditions, with the clock running?

If any of those answers are “I don’t know,” that is your starting point.

The companies that survive aren’t the ones that never get hit. They’re the ones that prepared, proved, practiced, and protected before the pressure was real. That work starts with a clear look at where the gaps actually are.


Book a Free 20-Minute Strategy Session  |  Schedule an Independent Risk Audit  |  Book Melanie as a Speaker


Written by Melanie Padron

Vice President of Strategic Growth · IT ArchiTeks
Risk Strategist · National Cybersecurity Speaker

Melanie Padron brings nearly three decades of risk management experience, spanning insurance and cybersecurity, to help trucking and logistics leaders validate security posture, strengthen resilience, and protect revenue before pressure reveals what preparation concealed.

She’s a nationally recognized cybersecurity keynote speaker and the creator of two acclaimed talks:

  • Surviving a Cyber Crisis: Real Stories. Real Lessons. Real Money.
  • Proof to Profit: How Leaders Protect Revenue in the Age of Ransomware and AI

To bring either conversation to your conference, association, or leadership team — visit ITArchiTeks.com or connect with Melanie directly on LinkedIn.