Cyber criminals are turning up the pressure. In 2024 alone, over 40% of UK businesses reported a cyber attack or breach, with ransomware and phishing among the top threats.
And now, the threat’s playing out on the national stage. Retail leaders like Marks & Spencer, Co-op and Harrods have all been hit – disrupting operations, damaging customer trust, and exposing critical weaknesses in supply chains.
These aren’t one-off events. They’re a wake-up call for businesses of every size, in every sector. If your cyber resilience is sitting on the sidelines, you need to bring it into the heart of your operational strategy.
But what’s actually happened, what’s changed, and what can BSIA members learn from the latest wave of attacks?
Back in April, M&S hit the headlines as the victim of a crippling ransomware attack. And we all saw how big the impact was. It was reportedly carried out by the financially motivated hacking group Scattered Spider using DragonForce Ransomware-as-a-Service (RaaS). The kicker? M&S completely halted online operations in England, Scotland, and Wales for 46 days.
It started the way over 90% of breaches do: with phishing. The attack began with a targeted campaign to harvest login credentials and exploit remote access points. Once inside, the attackers moved laterally across systems and deployed ransomware that encrypted critical systems, including servers supporting order management, payment processing and logistics coordination.
Key virtual machines were inoperable. Staff were locked out. And M&S’s entire digital operation – including online shopping for clothing, homeware and gift cards – was forced offline.
The malware was sophisticated, and the attackers demanded payment for decryption; M&S has declined to confirm whether a ransom was paid.
The consequences were significant:
• Revenue loss: Over £300 million lost in online sales over the six-week shutdown.
• Market disruption: While share prices initially dipped, a 4% rebound came when online services resumed, signalling investor confidence in the brand’s recovery efforts.
• Customer trust: Frustration from loyal shoppers unable to access services, especially during seasonal sales periods.
• Operational overhaul: A planned three-year IT transformation programme was fast-tracked to 18 months.
So, what happened behind the scenes? The attack exposed gaps in preparedness. Staff were left relying on personal devices. Communication systems were disrupted. And in the early days, there was confusion about whether attackers still had access.
M&S quickly brought in external cyber security specialists and worked with law enforcement. CEO Stuart Machin publicly acknowledged the severity of the situation and committed to accelerating recovery.
Insurance claims were triggered, supply chain partners were engaged, and significant new investments in cyber resilience were announced.
As attackers become more sophisticated and more organised, no business is too big, too small, or too “offline” to be a target. But you can fight back.
And you can start by:
1. Building and testing your incident response plan
If you don’t have one, you need one. Know how you’ll respond if your systems are locked or customer data is exposed. Define who does what, how you’ll communicate with stakeholders, and how you’ll recover securely.
2. Stress testing your defences
Penetration testing simulates real-world attacks on your systems to find any weak spots before criminals do. Let ethical hackers try the door before anyone kicks it in.
3. Training your team regularly
Human error is still the number one cause of breaches. Regular, practical training helps staff spot phishing emails, report suspicious activity, and avoid common mistakes.
4. Locking down credentials
Use strong, unique passphrases and roll out multi-factor authentication (MFA) wherever possible. Breaches often begin with a compromised login.
5. Monitoring your third-party risks
If your suppliers, contractors, or service providers get breached, you could be next. Know who has access to your systems, and don’t assume their security is your security.
6. Embracing zero trust
Zero trust means no automatic access. Every user, device, and request should be verified every time. It’s a shift in mindset that helps stop lateral movement once attackers get inside.
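Steps 4 to 6 only bite if someone actually looks at the access data. As an added illustration (this is example code written for this article, not tooling from M&S, Citation Cyber or the BSIA), the Python script below runs three simple checks over a handful of constructed authentication events: logins that skipped MFA, a supplier account reaching systems it was never granted, and one account fanning out across many hosts in a few minutes, the lateral-movement pattern zero trust is meant to break. The log format, account and host names, allow-list and thresholds are all assumptions made for the example; a real deployment would read these from your identity provider or SIEM.

```python
"""
Added example for this article (not the article's or any vendor's own code):
three lightweight access checks over constructed authentication events.
All account names, host names, the log format and the thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: timestamp, account, source host, target host, MFA used?
# The "bob" block is shaped like the post-phishing fan-out the article describes.
SAMPLE_EVENTS = """\
2025-04-17T08:02:11 alice ws-021 fileserver-01 yes
2025-04-17T08:05:40 alice ws-021 fileserver-01 yes
2025-04-17T09:10:03 svc-helpdesk-3p vendor-vpn-2 helpdesk-app-01 yes
2025-04-17T09:14:22 svc-helpdesk-3p vendor-vpn-2 order-db-01 yes
2025-04-17T22:31:05 bob ws-104 vpn-gw-01 no
2025-04-17T22:33:17 bob ws-104 fileserver-01 no
2025-04-17T22:34:02 bob ws-104 order-db-01 no
2025-04-17T22:35:48 bob ws-104 payment-app-01 no
2025-04-17T22:36:30 bob ws-104 logistics-app-01 no
2025-04-17T22:38:12 bob ws-104 esx-host-03 no
"""

# Assumed allow-list: which third-party accounts may reach which systems (step 5).
THIRD_PARTY_ALLOWED = {
    "svc-helpdesk-3p": {"helpdesk-app-01"},
}

# Assumed thresholds for the lateral-movement check (step 6).
FANOUT_WINDOW = timedelta(minutes=10)
FANOUT_HOSTS = 4  # distinct targets within the window before we flag the account


def parse_events(text):
    """Turn the whitespace-separated log lines into dicts, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, src, dst, mfa = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "account": account,
            "src": src,
            "dst": dst,
            "mfa": mfa == "yes",
        })
    return sorted(events, key=lambda e: e["ts"])


def find_no_mfa(events):
    """Accounts that authenticated without MFA (step 4: lock down credentials)."""
    return sorted({e["account"] for e in events if not e["mfa"]})


def find_third_party_overreach(events, allowed=THIRD_PARTY_ALLOWED):
    """Supplier accounts reaching systems outside their allow-list (step 5)."""
    return [
        (e["account"], e["dst"])
        for e in events
        if e["account"] in allowed and e["dst"] not in allowed[e["account"]]
    ]


def find_lateral_fanout(events, window=FANOUT_WINDOW, threshold=FANOUT_HOSTS):
    """Accounts touching >= threshold distinct hosts inside any window (step 6).

    Returns {account: sorted list of hosts reached in the first window that trips}.
    """
    by_account = defaultdict(list)
    for e in events:
        by_account[e["account"]].append(e)
    flagged = {}
    for account, evs in by_account.items():  # evs are already time-ordered
        for i, start in enumerate(evs):
            hosts = {x["dst"] for x in evs[i:] if x["ts"] - start["ts"] <= window}
            if len(hosts) >= threshold:
                flagged[account] = sorted(hosts)
                break
    return flagged


def review(text=SAMPLE_EVENTS):
    """Run all three checks and return their findings keyed by check name."""
    events = parse_events(text)
    return {
        "no_mfa": find_no_mfa(events),
        "third_party_overreach": find_third_party_overreach(events),
        "lateral_fanout": find_lateral_fanout(events),
    }


if __name__ == "__main__":
    for name, result in review().items():
        print(f"{name}: {result}")
```

On the constructed data the script flags `bob` for both the missing MFA and the fan-out (six distinct hosts in about seven minutes, including the virtualisation host), and flags the supplier account for touching `order-db-01` outside its allow-list. Tune the window and host threshold to your own environment: a backup operator legitimately touches many hosts, so the point is to make the baseline explicit rather than to pick a magic number.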
M&S took 46 days to recover. Yes, that's a lot of lost sales. But think about the lost loyalty, lost momentum, and increased scrutiny.
Attacks like these prove that you can't treat cyber security as an optional add-on; it needs to be a critical pillar of operational resilience. And in a world where ransomware-as-a-service is on the rise, every business should assume it's a target.
You don’t need a million-pound budget to make progress. You just need a plan, good habits, and the right people on your side.
Let these headlines be your prompt.
Ready to test your cyber resilience?
Not sure where to start when it comes to cyber security, or just want to identify your blind spots? Complete our quick Cyber Security Risk Assessment Survey.
It takes just five minutes and could help you uncover critical vulnerabilities before attackers do.
As a thank you for completing the survey, we’ll provide you with a complimentary external vulnerability scan and a dark web scan.
As a valued BSIA member, you get exclusive access to preferential rates for Citation Cyber’s services — just use the code ‘BSIAMEMBER’ when you reach out. Click here to speak to an expert.