Royal Mail has spent £10 million in remediation costs after LockBit cyber attack

Royal Mail logo displayed on a red delivery van
(Image credit: Getty Images)

International Distributions Services (IDS) has revealed that efforts to remediate the January 2023 Royal Mail cyber attack have cost $12.4 million (£10 million). 

The parent group of the UK’s national mail service said it spent millions on both remediation and attempts to bolster cyber resilience in the six months leading to 24 September. 

Financial statements filed on 16 November show that the £10 million ($12.4 million) spent on remediation and resilience contributed to a 5.6% yearly increase in infrastructure costs at the group. 

IDS revenue also declined by 6.5%, equivalent to a decrease of around £22 million ($27.3 million), the firm revealed. 

Exact details on how the money was allocated were not given by IDS in its earnings report. However, SecurityScorecard CISO Steve Cobb said spending in this area likely includes system rebuilds and new hardware purchases. 

“Remediation could include activities like system recovery and rebuild,” he said.

Ransomware infections will many times leave systems unusable, so they must be rebuilt from scratch and this could include purchasing new hardware and new virtual services.”

Cobb added that high remediation costs are often incurred “even if the company pays the ransom and gets a decryption key”. 

“The decryption process is typically ineffective and really just gives an organization access to unencrypted data that then must be migrated to functioning infrastructure. This is very time consuming and costs lots of money.”

Royal Mail cyber attack: What happened?

Royal Mail was struck by a cyber attack in January 2023 which crippled IT systems at its Heathrow Worldwide Distribution Center. 

This distribution center processes virtually all mail leaving and entering the UK, meaning that disruption to operations created chaos for both individuals and businesses across the country. 

It took over a month for Royal Mail to resume export services. 

LockBit initially disputed claims it was behind the attack, but later admitted responsibility and demanded the postal service pay a £66 million ($81.8 million) ransom.


Red whitepaper cover with title and logo

(Image credit: Trend Micro)

Get insights into how malicious actors target the attack surface


Negotiations between LockBit and Royal Mail were leaked by the ransomware group in an attempt to strongarm the service into complying with demands.

In mid-February, LockBit published 44GB of stolen data belonging to Royal Mail and revised its ransom demand to £33 million ($40.9 million).

Data leaked by LockBit included contract information with third-party suppliers and staff records, including Covid vaccination records.

Hefty remediation costs

The costs associated with breaches have been rising in recent years, with recent analysis from ExtraHop showing that companies subject to data incidents experience a significant drop in income.  

Public companies affected by data breaches experience an average net income drop of 73% within the first year of a data breach disclosure, ExtraHop said. 

In October 2023, MGM Resorts revealed a ransomware attack against the hotel chain had resulted in a $110 million loss. This includes $10 million (£8.1 million) in consulting fees to remediate the incident. 

Ross Kelly
News and Analysis Editor

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.

He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.

For news pitches, you can contact Ross at, or on Twitter and LinkedIn.