When most people think about a cyberattack, they think about stolen data.
But some of the most immediate damage has nothing to do with what was taken. It has to do with what suddenly stops working.
That is what makes the recent Foster City ransomware incident such an important example. On March 19, 2026, the city of Foster City said ransomware had been identified on its networks and that the breach was widely impacting city services. The city said public services outside of emergency response were temporarily paused, and most computer systems were taken offline as a precaution.
This is the lesson many organizations still underestimate: a cyber incident can become an operational crisis very quickly.
In its public updates, Foster City described broad service disruption, limited operations, and ongoing issues with email and phone systems as officials worked to contain the attack and investigate its scope. The city brought in independent cybersecurity experts, worked with law enforcement, and later declared a state of emergency to help secure outside support for recovery.
That matters because it shows how cyber incidents affect far more than IT.
When systems go offline, service delivery slows down. Communication becomes harder. Internal coordination weakens. Teams are forced into manual workarounds. Even if emergency functions are preserved or restored, the rest of the organization may still be paused: later reporting said much of the city's network remained offline even after emergency services and 911 lines were restored.
One of the clearest lessons from Foster City is that the cost of a cyberattack is often measured in continuity, not just exposure.
For public agencies, that may mean delayed services, limited public access, and strained communications. For businesses, the same principle applies. A ransomware incident may halt customer support, disrupt billing, delay orders, interrupt production, or cut off staff from the tools they rely on every day.
In other words, the first business question after an attack should not only be, "Was data accessed?" It should also be, "What can we still operate right now?"
That is where resilience becomes critical.
Foster City's experience is a reminder that cyber readiness is not just about prevention. It is also about how well an organization can respond when important systems become unavailable.
A strong response depends on knowing which systems are most critical, what services rely on them, what fallback processes exist, and how communication will continue during disruption. If an organization has not planned for operating without normal access to its core platforms, even a contained cyber incident can create outsized business damage.
This is especially relevant for organizations that depend on a small number of shared systems for communication, scheduling, service delivery, customer information, or operations. When one part of that environment is hit, the effects can spread quickly.
The Foster City incident is a reminder that ransomware is not just a security issue. It is a continuity issue.
It can affect how an organization serves people, communicates internally, and maintains trust during disruption. It can force difficult decisions about which systems to shut down, which services to pause, and how to recover while normal operations remain limited.
That is why operational resilience matters so much. The organizations that recover best are usually not the ones that avoid every incident. They are the ones that prepare for disruption before it happens.
Foster City's ransomware incident shows that cyberattacks are not just digital problems happening in the background. They can quickly become visible service disruptions that affect how an organization functions day to day. The city said the breach widely impacted services, required systems to be taken offline, and ultimately led to a state of emergency as recovery continued.
For businesses, the message is simple: the real cost of a cyberattack is not only what is stolen.
It is what the organization can no longer do.