It's the kind of phone call we dread. Someone we've never spoken to, panicked, because everything's locked up and there's a ransom demand on the screen. They found our number online. And they need help now.
You'd think this would be good for business. It isn't. A friend in need might be a friend indeed, but by the time someone's calling us in crisis, it's too late to be the kind of help we'd want to be. We can't undo what's happened. We don't know their systems. We're meeting them on the worst day of their professional life.
So I wanted to write down what actually happens after an attack. Not the sanitised version from insurance brochures, but the real sequence of events. Because if you understand how painful recovery actually is, you might take prevention a bit more seriously.
Monday Morning, Everything's Broken
Your staff arrive, try to log in, and nothing works. Email's down. Files are encrypted. An ominous alert demands $50,000 in Bitcoin.
The next few hours are rough. Nobody knows how bad it is. Customers are calling wondering why you've gone dark while you're trying to figure out who to call without panicing the whole team.
Business owners can make some bad calls in the heat of the moment. Paying ransoms immediately (with no guarantee they'll get anything back), or wiping systems before anyone can figure out how the attackers got in. Panic doesn't help.
The First Week is Forensics
Once things stabilise, you need answers. How did they get in? What did they take? Are they still in there?
This usually means bringing in specialists. They'll dig through logs, trace the attack, figure out what was accessed. You might need this information for your insurance claim, but will definitely need it for the Office of the Australian Information Commissioner if customer data was involved.
Meanwhile, your business is limping along. Maybe you're running off phones and paper. Maybe you've told clients you'll be back online "soon" without really knowing when that is.
IBM publishes an annual Cost of Data Breach Report. It's the most rigorous research we have on this stuff. Their 2025 report found that, on average, it takes organisations 241 days to identify and contain a breach. That's eight months just to stop the bleeding. And only 12% of breached organisations in their study were able to fully recover. The rest were still dealing with it when the researchers checked back in.
The Bill (And Why The Numbers Are Murky)
The cybersecurity industry loves throwing around scary statistics, and not all of them stand up to scrutiny.
You've probably heard that "60% of small businesses close within six months of a cyber attack." It gets repeated everywhere. But when Bank Info Security actually traced that figure back to the US National Cyber Security Alliance, the Alliance's executive director said it wasn't their statistic and "its original source cannot be confirmed." It's a zombie number that's been repeated so often it became accepted fact.
Similarly, you'll see figures like "the average cost of a cyber attack for small business is $120,000 to $500,000." Nationwide Insurance claims this from their claims data. IBM's 2024 report put the global average at $4.88 million, but their methodology focuses on larger organisations. The truth is, reliable data on small business specifically is hard to come by, because small businesses don't have the resources to participate in lengthy research studies after they've just been attacked.
Here's what we do know for sure: it will cost you.
IBM's research shows that 70% of breached organisations reported significant or very significant disruption to their operations. The 2025 report found the average cost of a breach in the US hit $10.22 million. A record high driven by regulatory fines, lost business, and post-breach customer support.
For a 25-person business in Sydney, the numbers will likely be smaller, but the impact relative to your size will be worse. You don't have a dedicated security team. You don't have months of cash reserves. You probably don't have cyber insurance. When IBM says recovery took more than 100 days for most organisations that eventually recovered, remember those are companies with resources you don't have.
The practical costs: forensic investigation ($15,000-$30,000 according to some sources), legal advice, notifying affected customers, potential fines under the Privacy Act, increased insurance premiums going forward. And that's before you count the revenue you lost while your systems were down.
Getting Back on Your Feet
Assuming you get through the crisis, recovery takes months. You're restoring from backups (if you have good ones), rebuilding systems, implementing the security measures that should have been there before, dealing with ongoing insurance paperwork, and trying to win back customers who got nervous.
Your team's probably stressed and exhausted. Cyber attacks aren't just an IT problem. They affect everyone in the business.
And the whole time, you're spending money you hadn't budgeted for, on something that wasn't supposed to happen. And earning less. Or nothing at all.
Why You Need Someone Before You Need Them
Here's something that doesn't get talked about enough: the moment after a cyber attack is the worst possible time to be finding an IT provider.
You're panicked. You're Googling "cyber attack help Sydney" at 7am. You're calling whoever answers first. And you have no way of knowing whether they're any good, whether they're overcharging you, or, and this is the dark bit, whether they're actually connected to the attack in the first place.
It's not paranoia. Social engineering is part of the playbook now. Attackers have been known to pose as helpful IT consultants who just happen to reach out at the right moment. When you're desperate and your systems are down, you're not thinking clearly about who you're handing your passwords to.
Compare that to having an existing relationship with someone who already knows your systems, already has your documentation, and can start working immediately because they don't need to spend the first two days figuring everything out. Or better yet, someone who helped you prevent it from happening in the first place. Someone you've already vetted. Someone whose number is in your phone, not pulled from a frantic Google search.
That relationship costs you very little when things are fine. When things aren't fine, it's worth everything.
The Point of All This
I'm not writing this to frighten anyone. I'm writing it because I've watched businesses go through this, and it's awful. And most of the things that prevent most attacks aren't complicated or expensive:
- Multi-factor authentication (the thing where you need your phone to log in)
- Decent passwords, not reused
- Software that's actually kept up to date
- Backups that are tested and stored properly
- Staff who know what a phishing email looks like
None of that is glamorous. It doesn't feel urgent until something goes wrong. But it's a lot cheaper than whatever the real cost of a hack turns out to be. And the research is clear that it will be significant, even if the exact figures are harder to pin down than the industry likes to admit.
We've been looking after Sydney businesses for over 20 years. If you're not sure where you stand, or you just want someone in your corner before you actually need them, we should talk. No hard sell, just a conversation about what you've got and where the gaps might be. Get in touch.
WhatsApp 