Tramsa Mobility on the Ropes: Dealing with a Cyberattack (C)

  • Reference: SI-210-E

  • Year: 2020

  • Number of pages: 2

  • Geographic Setting: España

  • Publication Date: May 31, 2021

  • Source: IESE (España)

  • Type of Document: Case

Grouped product items
Format Language Reference Use Qty Price
pdf English SI-210-E
As low as €5.74

You already have a subscription

To order please contact the person in charge of academic purchases in your university.
You'll be able to order once your profile has been validated.


In summer 2020, Tramsa Mobility, a Spanish transportation carrier that operated several concession contracts from the administration, was victim of a ransomware attack that seriously threatened the ability of the company to operate the thousands of buses that gave service to some of the largest cities in the country. The case, broken up in three different parts, describes how the company dealt with the crisis, with new challenges and difficulties appearing in each of the three subcases: the failure of the systems used to track the buses or organize driver shifts, which forces the local operations to write them by hand, the relationship with Tramsa's Chilean parent, which is fearful that the hack might affect its own systems, the breakdown of the backup systems that were expected to help Tramsa in sitautions like these... As Tramsa goes through its most difficult week, the company's executives find themselves having to make critical decisions, with little time, to prevent the company's operations from collapsing. Moreover, the cases also propose a wider debate, centered around whether the company was adequately prepared for a crisis like this, and whether the steps Tramsa is now taking to increase the security of its systems are adequate, sufficient, yet proportionate.

Learning Objective

The case aims to educate executives on the risks posed by cyberattacks, and help them develop good practices to prevent situations that may threaten the business. Cyberattacks are a growing risk, given the progressive expansion of IT infrastructure in modern companies - both at the corporate and operative level - and the popularization of practices like working remotely, or the use of private devices. Moreover, the availability of tools needed to hack and infect modern computer networks (with practices like "hacking as a service") has dramatically increased. The case has 4 basic areas of discussion: 1) The impact of a cyberattack on the continuity of the business, and how to preserve it. 2) The need to evaluate and improve the resilience of a company's IT infrastructure, and to prepare for a possible attack. 3) Roles and responsibilities within the organization regarding cybersecurity. 4) The need to treat cyberattacks as one of the risks to the business.

Related Documents


Crisis cybersecurity hack Ransomware Security