How Colt's CEO Keri Gilder led through a cyber attack while protecting customer networks

2025 will, in digital leadership circles, always be remembered as a year of major cyber attacks. Some became front-page national news, such as retailer Marks & Spencer and Tata-owned luxury SUV maker Jaguar Land Rover. For enterprise communications provider Colt, an attack in August 2025 may not have made the front pages, but within the business, the strain was immense. CEO Keri Gilder sat down with diginomica to discuss how her organization responded, as well as the future trajectory for this key supplier to CIOs.

Europe was bathed in a perfect summer in 2025, but for the staff of network service provider Colt, it was not halcyon days. An internal business system was hit, with cybercrime group Warlock claiming responsibility. In a statement at the time, CEO Gilder said:

We immediately and intentionally closed down some of our systems as a precaution. We reported the incident to the relevant authorities, and we consulted with leading cybersecurity experts who worked alongside our internal teams, day and night.

In her London office, Gilder explains that the incident was a "reset" from a year that, up to that point, had gone really well for the organization, including the acquisition and integration of submarine telecommunications network Lumen. She says the entire organization had to change direction:

Everybody was focused on the containment, eradication, and the recovery, and we're still in the process of recovery.

She describes the decision to close down internal systems as not only precautionary but brave:

And I hope we would never have to do that again. But at the time, it was the right decision. We shut down every single avenue for them, and by doing that, we protected our customers.

Our diginomica network confirms that core services were not impacted. CIOs at a pair of international organizations that rely on the Colt network confirmed services kept running, and the separation between the internal Colt systems and the customer network was delivered well and vitally important to them. One observed that ordering new circuits became a manual process, but said:

They did keep services running really well - and we have a high-quality bar.

It has become a common refrain in digital leadership circles that the response to an incident is as critical as the defense against one. In her statement to customers and the market, Gilder said:

To be clear, the incident has been contained, and we have taken steps to remove the threat actor from our environment. Our systems are secure, with recovery and rebuilding firmly underway. Colt has been further enhancing our detection and response capabilities using the latest security tools and external experts’ advice.

And she told us:

We've been quite aggressive at being able to deliver services. We were able to get 250 processes up within 48 hours manually. So we could still run our business.

Colt provides cybersecurity services and is a pioneer of quantum encryption. Combined with the firm’s own cybersecurity team and some external expertise, Gilder says the decision-making was fast. She adds that a red team exercise a month earlier helped, and she cannot recommend carrying out such events highly enough. In their red team event, the firm discovered that it needed crisis communications skills and immediately recruited just such a partner, not expecting to use them just a month later. She says:

When everything goes black and dark, the only thing you can rely on is people and communications.

What I realized through the event is leadership is leading people, and it's not leading technology, and it's not leading systems and processes.

Leadership Lessons

There were business and technology reminders, Gilder says. The incident showed the value of constantly looking at the single points of failure in the organization. She adds that organizations need to consider how they respond to a single point of failure once an incident happens, highlighting that these incidents are extremely stressful for the staff and that can then lead to burnout and further problems. She says:

What happens if you're CIO or your CISO has a mental breakdown? Have you actually played out that scenario? Your teams are working, 24/7, to get things back up and running, and nobody tells you that six months later, probably some of the team will have PTSD. You must make sure that you're taking care of your employees. There's a lot of emotion that goes into this that we never practice as leaders.

Gilder says the cyber attack and the major power cuts in Spain in April 2025 have made her really focus on business continuity.

As we discuss the precarious nature of today’s global economy in her office, a set of dolls stares down at me. These dolls are not frivolous playthings, but icons of great female leadership, among them are civil rights activist Rosa Parks. Gilder explains their story:

My grandmother used to buy me a doll for every birthday and every Christmas, and my grandfather bought me Mattel stock. And so I've always had an association with Mattel Barbie.

She turns to look at the shelves behind her CEO desk and adds:

I have heroes that I can look up to and say, you know what, on a bad day during a cyber attack…we're going to get through this.

Network Opportunities

Gilder describes 2025 as a year of two halves. Before the cyber attack, the firm was acquiring and growing. The business is a major enterprise network provider with connections to 230 cities in 40 countries and provides a cloud-managed service, SIP trunking, and cyber services.

Network operators always run the risk of being commoditized and seeing their profit margins decrease, while the operating costs of such significant networks remain. Some systems integrators, for example, have begun to offer networking services to CIOs alongside their traditional areas of business. Asked about this, Gilder says the wholesale side of the business is changing as services like SD-WAN are no longer a market that telcos dominate, but she says the connection requirement of businesses has become more important, especially in an age of AI. Latency and complexity are the enemies of AI, and here she believes Colt has a real advantage. She says:

For me, the differentiation in the value to the customer is still around connectivity, but it's not just physical connectivity. It's also the connections that we have around the world and the ability to understand those communities and requirements. We understand where the AI environment is being built. We understand that inference is the next generation of requirements for the enterprise.

She believes this ties in directly with the pressure points facing CIOs today:

If you look at the OKRs of a CIO, whether that's the operational cost, getting more out of their capital investment, or data workload, we can help them to make sure that they have the right level of network. To me, the network is the circulation system of any organization.

Our role in the world is important, and it feels good to be important. Even in this macro environment, we are in a business that is recession-proof. Why? Because it is necessary.

Gilder is also staying the course with committing Colt to becoming a more environmentally sustainable business. Not only for compassionate reasons, but she says:

It's the right thing to do as a business and as a CEO, it's the only thing to do. If I'm not being more sustainable and self-sufficient, then in 10 years from now, I'm going to be in a really hard position.

My Take

Being upfront and talking about cyber attacks is the way forward. 2025 may have been the year of major cyber attacks, but Gilder and her peers at Marks & Spencer have set an important precedent.