What happened
VSK is one of the country's largest insurers, with revenue of about 1.6 billion dollars. In November 2025 the company faced a ransomware attack. On day seven of downtime the website and mobile app were still offline, the domain pointed to a fraudulent channel, and customers could not buy policies or receive payouts. Full recovery took at least a week.
For a business of this scale, a week of downtime for key services means not only direct revenue loss but also a blow to customer trust and reputation. The main lesson is not about one specific company: a prepared continuity system could have cut the downtime to a few days.
Which BCM mechanisms reduce losses
A cyberattack is not just an IT task. It is a scenario you prepare for in advance. Here is what actually cuts downtime:
- Process criticality analysis (BIA) and recovery targets (RTO/RPO). When priorities are set in advance, the team does not lose hours on approvals during the attack: it already knows what to restore first and within what time.
- Tested continuity plans (BCP) with clear ownership. Everyone — from IT to the front office — knows their actions in the first hours of the incident.
- Regular drills and team training. A ransomware-scenario drill surfaces gaps before a real attack and sharpens coordination between units.
The main takeaway
The difference between "down for a week" and "coped in two days" is not luck or the size of the IT budget. It is having pre-calculated priorities (BIA), recovery targets (RTO/RPO) and a tested plan the whole team knows. For more on how to measure this, see "How to measure and test business resilience".
FAQ
What are RTO and RPO?
RTO is the maximum acceptable time to restore a process. RPO is the acceptable amount of data loss. These set how fast a function must be back and how much data can be lost without critical consequences.
How does ISO 22301 help an ordinary company?
The standard sets the logic: identify critical processes, set recovery targets, prepare and test plans. Certification is optional — the methodology itself is valuable.
How do you prepare for a ransomware attack?
At minimum: isolated backups, pre-assigned roles for the first hours of the incident, a customer communication plan and regular drills on this scenario.