A Bloke in a Pub

Lucky Socks

Superstitious Learning

We all have a pair of lucky socks. Or something similar. The new socks that we wore when that interview went absolutely perfectly. On occasion, they may have let you down, but they’re still your lucky socks.

What’s happened here is that on one occasion, an isolated event (choosing to wear a new pair of socks) coincided with another isolated event (a successful interview) and the two have become linked in our minds. It’s not weird, we’re programmed to look for patterns and learn from them. But just occasionally it leads us astray. Unless of course, you’re the cyber industry, in which case it seems to be a full time occupation.

Background

KNP Logistics was a UK-based transport and haulage company that sadly went out of business in 2023, after suffering a ransomware attack. The incident was, inevitably, reported as “a rare public example of the existential threat that experts warn ransomware can pose to businesses”. Well, maybe. Because even the administrators hinted at pre-existing problems.

If you look at the headline financials (e.g. here), you can see that when things were going a bit better for them, the company made £1M after tax, on a turnover of around £77M. That’s actually quite a small margin. The more interesting statistic is the figure for Working Capital, which is somewhat less than zero (-£3.6M). Working Capital is defined as current assets (stuff you can use to pay bills), less current liabilities (the money that you need to pay out in the current business cycle). It’s often taken as an indicator of how well prepared the business is to cover its debts. What I got taught may be seen as a bit old-fashioned these days, but it was put to me that maintaining positive Working Capital is generally a good thing. KNP Logistics however, had been running with a negative value for some time (see here).

Which is not necessarily fatal. Supermarkets for example, partly because they’re retail businesses, but mostly because they have produce on the shelves for a couple of months before they actually have to pay for it, tend to have very little in the way of payments due in at any point, but quite a bit in terms of invoices that will fall due in the near term. Consequently they run with eye-watering levels of negative Working Capital. As long as the avocados keep flying off the shelves, all is well. What happens if they don’t? How come e.g. J Sainsbury’s haven’t tripped over their shoelaces and fallen headlong into the approaching tsunami of debt? The answer may be that they carry very large quantities of cash. Cash at hand reported in J Sainsbury’s 2023 accounts stood at about £1.9Bn, which is a huge amount of money to have stashed in the biscuit tin. So large in fact, that their shareholders should have been banging on the door to get them to invest that money in growth. But they don’t seem to have been.

If you look here, you can see what happens to their cash at hand quarter by quarter. During good times they build it up, during bad times they use it up. That money acts like a shock absorber, soaking up the bumps in the road. That’s why they don’t lock it up in long term investments.

How much of a shock absorber did KNP Logistics have available? About £500k before the problems hit, to soak up the lumps and bumps in a £77M revenue stream. Basically, not much. Plus it looks to have been mostly used up in the preceding twelve months. I might also point out that, as far as I can see from the available figures, the company didn’t make a profit in the five years before the year in which they went under, and at one point seem to have been losing about £3M per year. Happy to be corrected.

When they ceased trading, KNP Logistics owed money to a number of people, primarily a company called Leumi ABL, the “ABL” standing for Asset Based Lending. Typically in this sector, companies will secure large loans against their trucks, and on occasion, also their premises. This is referred to as being highly leveraged, or highly geared, meaning that they’re operating primarily on loan capital rather than share capital. Which is fine as long as interest rates are low. Just to set the scale, in the last year that I can find figures for, the company was paying out about £0.5M per year in interest. Like I say, fine as long as rates are low.

In the middle of 2022, UK base rates were indeed low, at about 1%. However, by the middle of 2023 they’d risen to more like 5%. At one point in the same period, the cost of DERV (diesel fuel) had risen by about 30% year on year. Assuming you’re running your trucks at close to full utilisation, DERV is a non-negotiable cost, as are the interest repayments on your loans. It doesn’t matter if you get one customer or a hundred, you still have to make those payments. That’s why they’re called fixed costs.

So in summary: wafer thin margins; very little in the way of a shock absorber; and very high gearing.

A Wider Look

Tuffnells, another UK based transport company, went under in the same year. The reports of their demise point to the same factors. Because when your fixed costs rise, you have two options: find more customers (difficult, when demand is falling); or persuade your current customers to pay more (also difficult, since this is a commodity market).

Tufnells did about £180M in revenue in the year before they went under, and only about £65M in the five months before closing down. A £5.5M profit in the year before turned into an operating loss of £4.4M in just five months. The loss was put down to “the competitive nature of the logistics industry, challenges with cost base inflation and associated pricing challenges in passing this through to the company’s customer base”.

In fact, in 2023, some 463 UK based transport and haulage companies went under, and for much the same reasons. Declining demand, and fixed cost base inflation. A number of sources have pointed out that the economic circumstances prevailing at the time constituted a ‘perfect storm’ for the industry.

To pick one company out of nearly five hundred, and claim that it shows ransomware to be an existential threat, is plainly absurd. You can only arrive at that conclusion if you ignore every other factor. Which unfortunately, is exactly what the cyber community tend to do. None of this is rocket science, and it uses nothing but publicly available information. Placing events like this into context isn’t difficult. But you’re on a hiding to nothing, waiting for cyber practitioners to do it. Which means that someone else has to step up.

The management team maybe?

Selected Sources

  1. BBC: Superstitious learning: Can ‘lucky’ rituals bring success? Available from: https://www.bbc.com/worklife/article/20220708-superstitious-learning-can-lucky-rituals-bring-success
  2. UK logistics firm blames ransomware attack for insolvency, 730 redundancies. 2023. Available from: https://therecord.media/knp-logistics-ransomware-insolvency-uk
  3. KNP Logistics: A Cautionary Tale of Cybersecurity. 2023. Available from: https://insolvencyandlaw.co.uk/knp-logistics-a-cautionary-tale-of-cybersecurity
  4. Record level of British haulage businesses going bust ‘at a rate unheard of’. 2023. Available from: https://www.cityam.com/record-level-of-british-haulage-businesses-going-bust-at-at-a-rate-unheard-of
  5. Report reveals details of Tuffnells administration. 2023. Available from: https://www.insidermedia.com/news/yorkshire/report-reveals-details-of-tuffnells-administration

Published separately 27th May 2024

Edited 1st July 2024

Edited 22nd January 2025

Edited 10th March 2025