Following a crippling cyberattack on Marks & Spencer, UK businesses face mounting fears over ransomware costs, remote worker device vulnerabilities, and the growing threat posed by AI-enabled hacking, prompting calls for stronger cyber defences ahead of new government legislation.
British businesses are increasingly alarmed by the potential for cyberattacks to devastate their operations, a fear vividly highlighted by the recent assault on Marks & Spencer (M&S). A survey conducted by Absolute Security revealed that two-thirds of security leaders at medium and large firms in the UK perceive similar attacks as potentially crippling. They estimate that the financial burden from ransom demands and subsequent clean-up could reach millions, jeopardising the futures of numerous organisations. Following the Easter attacks, which inflicted a £300 million toll on M&S and shaved £1 billion off its market value, the dire implications for integrity and profitability resonate deeply across the retail sector.
The attack, attributed to the notorious hacker group Scattered Spider, employed sophisticated social engineering tactics, illustrating a worrying trend in cybercrime. This group's modus operandi involves meticulously researching personal information to impersonate employees and exploit vulnerabilities, particularly in help desk systems. Scattered Spider has been implicated in various high-profile breaches, showcasing their audacity and adaptability amidst ongoing efforts by cybersecurity firms to counteract their schemes. The fallout from the M&S incident alone—financial losses and compromised customer data—may now even escalate into a class action lawsuit, signalling the extended repercussions of such infractions.
Compounding these threats is the more profound issue of remote work. The survey underscored that 62% of cybersecurity leaders regard devices used by home-working staff as significant weak points in their defences. Andy Ward, SVP at Absolute Security, noted that recent breaches have highlighted the vulnerabilities that telecommuting has introduced. With many employees reluctant to return to the office, essential security updates on personal devices are often neglected for extensive periods, heightening exposure to cyber threats.
As businesses navigate these tumultuous waters, the financial implications of ransomware attacks loom large. Data reveals that over half of the surveyed companies experienced a ransomware incident in the last year, with the average cost to a victimised organisation reaching approximately £850,000. In severe cases, recovery costs can outstrip the initial demands, as seen with the Royal Mail, where the LockBit group demanded £65 million. Furthermore, the repercussions of cyber breaches are not merely financial; they can lead to job losses and even insolvency, as seen with companies like Travelex and KNP Logistics. Both fell victim to significant cyber assaults and subsequently shut down operations with devastating impacts on employment.
The growing prevalence and sophistication of cyber threats strain already overextended resources, particularly as the National Cyber Security Centre (NCSC) reported a threefold increase in severe attacks recently. This increase necessitates a proactive and robust approach to cybersecurity measures. Richard Horne, CEO of the NCSC, emphasised the need for improved cybersecurity hygiene and infrastructure resilience, particularly in high-stakes sectors such as health.
Looking ahead, the intersection of artificial intelligence with cybercrime poses an additional challenge. According to Cabinet Office Minister Pat McFadden, the expansion of AI technologies will likely amplify both the frequency and severity of attacks. The government's upcoming Cyber Security and Resilience Bill aims to bolster protections and urges both public and private sectors to enhance their defence strategies.
In summary, as UK businesses face an ever-evolving landscape of cyber threats, the imperative for robust cybersecurity measures is more pronounced than ever. With the stakes so high, protecting sensitive data and ensuring operational integrity are essential to safeguarding not just individual firms but the broader economic landscape.
Reference Map:
Source: Noah Wire Services
More on this
-
https://www.dailymail.co.uk/news/article-14770439/WFH-staff-leaving-British-businesses-exposed-cyber-attacks.html?ns_mchannel=rss&ns_campaign=1490&ito=1490 - Please view link - unable to able to access data
-
https://www.ft.com/content/6d47ef31-ed80-41cf-a2bd-d0e02a280e22 - Scattered Spider, a notorious hacking group, was behind the recent breach of British retailer Marks and Spencer (M&S), causing significant financial losses up to £300 million in operating profits and over £600 million in market capitalization. The gang, composed of mainly English-speaking members, uses advanced social engineering and online traps to gain access to corporate systems. Their strategy involves impersonating employees through well-researched personal information and exploiting help desk vulnerabilities. Scattered Spider has also been linked to the 2023 MGM Resorts hack and appears to collaborate with other cybercriminals like ransomware gang Dragon Force for negotiations. The group has targeted companies like Tinder, Louis Vuitton, and News Corp, though there is no confirmation of successful breaches. Despite arrests made in Spain, the UK, and the US, the group seems resilient. Cybersecurity firms, including Mandiant and Silent Push, have tracked their activity and warned potential victims. The motive for these hackers often extends beyond financial gain, seeking recognition and notoriety. As part of the complex ransomware ecosystem, Scattered Spider focuses on initial access while other gangs handle encryption and ransom negotiations. Their slogan, 'Mischief before money,' reflects their penchant for notoriety over profit. ([ft.com](https://www.ft.com/content/6d47ef31-ed80-41cf-a2bd-d0e02a280e22?utm_source=openai))
-
https://www.ft.com/content/c9bd0a6a-eedf-4c98-8e2d-8deffd851761 - A recent cyber attack on Marks and Spencer (M&S) underscores the growing vulnerability of businesses to cyber threats. The attack, attributed to the hacker group Scattered Spider, disrupted services including online clothing sales and contactless payments, with the company facing a potential £300 million hit to operating profits. The breach, linked to third-party human error, exposed customer data and has prompted a class action lawsuit. M&S is still recovering, expecting full operational restoration by July. Cyber attacks like this—often involving ransomware that encrypts vital data—represent a form of asymmetric warfare against unprepared corporate infrastructures. Many companies grapple with outdated or patched-together IT systems and rely on external vendors. Experts stress that while total prevention is unlikely, better practices such as software updates, multi-factor authentication, backups, and operation segmentation can mitigate damage. Building cyber resilience through early detection, response, and containment is essential. More than half of UK businesses faced cyber attacks in the past five years, highlighting the need to expect disruptions and prepare systematically to endure them. ([ft.com](https://www.ft.com/content/c9bd0a6a-eedf-4c98-8e2d-8deffd851761?utm_source=openai))
-
https://www.ft.com/content/5ce0a155-ddc2-43e4-a383-c6e78f51f836 - Chief legal officers are facing increasing pressure due to the growing sophistication of cyber threats. One notable incident involved a UK engineering company losing $25 million in Hong Kong through a deepfake scam. A survey by the Association of Corporate Counsel identified cybersecurity as one of the top concerns for these legal professionals. Regulators and organizations like the European Central Bank are urging better preparation against cyber attacks, which have become more frequent and costly. Legal teams are critical in planning and responding to such threats, frequently engaging in war-gaming exercises and scenario planning. Ransomware attacks are particularly concerning, with legal counsel playing a significant role in decision-making. Companies also focus on educating staff about cyber threats and ensuring third-party suppliers comply with cybersecurity standards. Compliance with global regulations, such as Europe's upcoming Digital Operations Resilience Act (Dora), further stresses the importance of legal counsel in maintaining cyber resilience and preventing litigation. ([ft.com](https://www.ft.com/content/5ce0a155-ddc2-43e4-a383-c6e78f51f836?utm_source=openai))
-
https://www.ft.com/content/6603dac2-1c01-41e7-9925-4042500ccc53 - The UK's National Cyber Security Centre (NCSC) has reported a significant increase in severe cyber attacks over the past year, warning of a widening gap in the nation's ability to combat such threats. The NCSC observed a tripling of these attacks, affecting key organizations like London hospitals and the British Library. Chief executive Richard Horne emphasized the need for increased efforts to keep up with rapidly advancing cyber threats, particularly those from state-led entities such as Russia, China, and North Korea, as well as sophisticated criminal organizations. The NCSC received nearly 2,000 reports of cyber attacks, with a significant number requiring agency support. The agency highlighted the critical need to improve the cyber security of public infrastructure and supply chains and underscored the importance of basic cyber hygiene and strong password practices to fend off commodity cyber attacks. However, the increasing sophistication and volume of state-led and criminal cyber activities pose a growing challenge exacerbated by the use of AI in cyber operations. ([ft.com](https://www.ft.com/content/6603dac2-1c01-41e7-9925-4042500ccc53?utm_source=openai))
-
https://www.reuters.com/business/retail-consumer/britain-face-more-cyberattacks-ai-adoption-grows-minister-says-2025-05-07/ - As AI technology becomes more widespread, the United Kingdom is expected to face an increase in both the frequency and severity of cyberattacks, according to Cabinet Office Minister Pat McFadden. Speaking at the CyberUK 2025 conference, McFadden announced the declassification of an intelligence assessment revealing that AI will escalate cyber threats in the coming years. In 2024, the National Cyber Security Centre (NCSC) received nearly 2,000 cyberattack reports, with 90 considered significant and 12 classified as highly severe—a threefold increase in major incidents from the previous year. Recent ransomware attacks have targeted notable British retailers including Marks & Spencer, the Co-op Group, and Harrods, resulting in significant operational disruptions. McFadden emphasized that cybersecurity is a vital necessity, not a luxury, and urged both public and private sectors to strengthen their defenses. The government plans to introduce a new cyber security strategy and legislate new powers under the upcoming Cyber Security and Resilience Bill. NCSC CEO Richard Horne also advocated for ending ransom payments to undermine the attackers' business model. ([reuters.com](https://www.reuters.com/business/retail-consumer/britain-face-more-cyberattacks-ai-adoption-grows-minister-says-2025-05-07/?utm_source=openai))
-
https://www.hiscoxgroup.com/news/press-releases/2023/10-10-23 - Over half (53%) of businesses suffered at least one cyber attack over the last 12 months—a five-point increase on the previous year (48%) according to new data from the latest Hiscox Cyber Readiness Report. The Hiscox Cyber Readiness Report—based on the views of over 5,000 organisations of all sizes across eight countries—found that cyber attacks have increased for the fourth consecutive year. Attacks on small businesses with less than ten employees have risen from 23% to 36% over the last three years, as cyber criminals look to leverage vulnerabilities in IT technology. Small businesses of less than 250 employees also report a lack of confidence around cyber, with only three in five (61%) confident that they could handle an attack, compared to 71% of larger businesses. Companies with 1,000 or more employees felt that cyber attacks were more commonplace than ever before, with seven out of ten (70%) experiencing at least one attack—up from 62% a year ago. ([hiscoxgroup.com](https://www.hiscoxgroup.com/news/press-releases/2023/10-10-23?utm_source=openai))
Noah Fact Check Pro
The draft above was created using the information available at the time the story first
emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed
below. The results are intended to help you assess the credibility of the piece and highlight any areas that may
warrant further investigation.
Freshness check
Score:
8
Notes:
The narrative references a recent cyberattack on Marks & Spencer (M&S) attributed to the hacker group Scattered Spider, with financial losses up to £300 million. This aligns with reports from reputable sources such as the Financial Times and Reuters, published in the past week. The inclusion of updated data and specific figures suggests a high freshness score. However, the Daily Mail article may have recycled content from these earlier reports, as it shares similar details and figures. This raises concerns about originality and potential disinformation. Additionally, the narrative includes a reference map with links to other articles, indicating a reliance on existing sources. The presence of a press release from Absolute Security further suggests that the content may be based on pre-existing information. While the update justifies a higher freshness score, the recycling of older material warrants caution. The narrative also highlights the impact of remote work on cybersecurity, a topic that has been discussed in various reports over the past year. This suggests that while the article provides timely information, it may not offer entirely original insights. The inclusion of updated data and specific figures suggests a high freshness score. However, the recycling of older material and reliance on existing sources raise concerns about originality and potential disinformation.
Quotes check
Score:
7
Notes:
The narrative includes direct quotes from Andy Ward, SVP at Absolute Security, and Richard Horne, CEO of the National Cyber Security Centre (NCSC). A search for these quotes reveals that they have been used in earlier reports from the Financial Times and Reuters, published in the past week. This suggests that the quotes are not exclusive to the Daily Mail article and may have been reused from previous sources. The presence of these quotes in earlier material raises concerns about the originality of the content. However, the inclusion of these quotes adds credibility to the narrative, as they are from reputable sources.
Source reliability
Score:
6
Notes:
The narrative originates from the Daily Mail, a UK-based tabloid newspaper. While it is a widely read publication, it is often considered less reliable compared to other UK media outlets. The reliance on a single source for the majority of the content raises concerns about the reliability and potential bias of the information presented. The inclusion of references to other reputable sources, such as the Financial Times and Reuters, adds some credibility to the narrative.
Plausability check
Score:
8
Notes:
The narrative presents a plausible account of the cyberattack on M&S, detailing the methods used by the hacker group Scattered Spider and the financial impact on the company. The inclusion of specific figures, such as the £300 million loss in operating profits and the £1 billion reduction in market value, aligns with reports from reputable sources. The discussion of the impact of remote work on cybersecurity is also a timely and relevant topic. However, the reliance on a single source and the recycling of older material raise concerns about the originality and potential bias of the content.
Overall assessment
Verdict (FAIL, OPEN, PASS): FAIL
Confidence (LOW, MEDIUM, HIGH): MEDIUM
Summary:
The narrative presents a plausible account of the cyberattack on M&S, but the reliance on a single, less reliable source and the recycling of older material raise significant concerns about the originality and potential bias of the content. The inclusion of direct quotes from reputable sources adds some credibility, but the overall assessment is negative due to the issues identified.
Tags:
-
Cybersecurity
-
Ransomware
-
AI
-
Remote work
-
Marks & Spencer
-
Scattered Spider
