£300m M&S hit shows cyber resilience is crucial

With M&S only reopening its website to customers this week, recent weeks have shown how vital cyber resilience is. Learn how to enhance yours with S&W.
Recent cyber attacks on major UK retail organisations have once again made cyber resilience headline news. Marks and Spencer’s full year 2025 financial results showed the attack on the retailer cost it an estimated £300m in lost profits. It was hit over the Easter weekend, back in April, and only reopened for online orders this week. More recently, jewellers Cartier and fashion brand The North Face revealed that they, too, had been attacked.
It’s a reminder to organisations in all sectors that digital resilience is a commercial and operational imperative, a fact supported by the urgent issuance of guidance from the UK National Cyber Security Centre (NCSC).
This insight explains the NCSC’s guidance issued in light of the attacks, offers an overview of the situation and suggests immediate preventative measures to combat cyber threats and enhance cyber security resilience.
The reality of cyber threats
Cyber threats are increasingly sophisticated and pervasive. Traditional security measures are, frankly, struggling to keep pace with the rate of innovation and scale of the threat. The UK government’s most recent annual cyber survey identified that 43% of UK businesses experienced a cyber incident in the previous 12 months. Considering the increase in AI-enhanced and enabled attacks, it is unlikely that this statistic will fall in the coming years.
Not only are sophisticated cyber threat groups researching and developing new technical attack methods for their own use, but they are also selling access to their attack tools and techniques to less technically capable criminal groups and individuals. This includes attack automation and procedural playbooks, with step-by-step guides on how to conduct cyber attacks.
These developments have significantly lowered the technical barriers to entry and significantly increased the number of malicious operators capable of harming organisations. Add into the mix the potential for insiders (staff, contractors and third parties with permissions) to act maliciously or to accidentally harm the organisation, and you begin to understand the need to prioritise cyber resilience throughout 2025 and beyond.
A cyber resilience approach acknowledges that no organisation can be completely safe from attacks. Instead, organisations must be ready to mitigate damage and resume operations swiftly.
Insights and recommendations from the NCSC
The NCSC’s recent guidance responded to the spate of cyber incidents affecting the UK retail sector.
Cyber resilience involves preparing for, responding to, and recovering from cyber incidents. Given modern cyber threats, the aim is not to prevent every attack but to limit the damage and restore operations quickly when one succeeds.
The NCSC emphasises this. “No matter how good your defences are, sometimes the attacker will be successful,” it states.
“It also means detecting threat actors when they are using your employees’ legitimate access (or are on your network, or in your cloud services) whilst being able to contain attackers to prevent damage, and to respond and recover when an attack has got through your defences,” it adds.
Tips to boost your cyber resilience
In light of the recent attacks, S&W strongly recommends the following steps, which include those recommended by the NCSC guidance:
- Review helpdesk password reset processes, including how requestors are authenticated by helpdesk staff when requesting a password reset
- Ensure that multi-factor authentication is comprehensively deployed across the organisation, including for cloud technologies
- Enhance monitoring for account misuse and unauthorised activity, including risky login attempts, such as where login attempts have been blocked due to suspicious or unusual behaviour
- Review domain admin, enterprise admin and cloud admin accounts. Ensure that all privileges remain valid and authorised, or revoke if inappropriate privileges are discovered
- Ensure that security operations teams can identify logins from non-typical sources such as VPN sources in residential ranges
- Ensure that you can consume and adapt quickly to the latest threat intelligence, including intelligence regarding adversary attack tools, techniques and procedures
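Three of the steps above (monitoring for blocked or risky sign-ins, spotting logins from non-typical sources such as residential VPN ranges, and reviewing privileged accounts) can be turned into a simple, repeatable triage check. The script below is an added example written for this article; it is not code from S&W or the NCSC. It assumes a sign-in log in a simple key=value line format, and the IP ranges, account names and log lines are all constructed sample data (the ranges are reserved documentation addresses, not real VPN providers).

```python
"""Added example: triage of sign-in records against three of the checks
listed above. Everything here is constructed sample data, not real logs."""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple, Union

# Constructed sample: ranges the security team has classified as residential
# VPN egress. In practice these come from a threat intelligence feed.
RESIDENTIAL_VPN_RANGES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),
]

# Constructed sample: the organisation's known corporate egress addresses.
CORPORATE_RANGES = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample: privileged accounts identified during the admin review.
PRIVILEGED_ACCOUNTS = {"da.smith", "cloudadmin.jones"}

# Constructed sample sign-in log (hypothetical format: timestamp then key=value).
SAMPLE_LOG = """\
2025-05-02T08:01:12Z user=alice.k ip=192.0.2.10 result=success mfa=yes
2025-05-02T08:03:45Z user=da.smith ip=192.0.2.44 result=success mfa=no
2025-05-02T08:05:02Z user=bob.t ip=203.0.113.77 result=success mfa=yes
2025-05-02T08:06:30Z user=cloudadmin.jones ip=198.51.100.9 result=blocked mfa=no
2025-05-02T08:09:11Z user=carol.m ip=192.0.2.12 result=blocked mfa=yes
"""


@dataclass
class SignIn:
    ts: str
    user: str
    ip: Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
    result: str
    mfa: bool


def parse_line(line: str) -> SignIn:
    """Parse one 'timestamp key=value ...' record into a SignIn."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return SignIn(
        ts=ts,
        user=kv["user"],
        ip=ipaddress.ip_address(kv["ip"]),
        result=kv["result"],
        mfa=kv["mfa"] == "yes",
    )


def in_ranges(ip, ranges) -> bool:
    return any(ip in net for net in ranges)


def triage(log_text: str) -> List[Tuple[str, str, str, List[str]]]:
    """Return (timestamp, user, ip, reasons) for every record worth a look."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        s = parse_line(line)
        reasons = []
        # Blocked sign-ins are the "risky login attempts" the checklist asks
        # teams to monitor: the block itself is the signal to investigate.
        if s.result == "blocked":
            reasons.append("blocked sign-in (suspicious or unusual behaviour)")
        # Non-typical sources: residential VPN ranges first, then anything
        # outside the known corporate egress.
        if in_ranges(s.ip, RESIDENTIAL_VPN_RANGES):
            reasons.append("source IP in residential VPN range")
        elif not in_ranges(s.ip, CORPORATE_RANGES):
            reasons.append("source IP outside known corporate egress")
        # Privileged accounts should never authenticate without MFA.
        if s.user in PRIVILEGED_ACCOUNTS and not s.mfa:
            reasons.append("privileged account signed in without MFA")
        if reasons:
            findings.append((s.ts, s.user, str(s.ip), reasons))
    return findings


if __name__ == "__main__":
    for ts, user, ip, reasons in triage(SAMPLE_LOG):
        print(f"{ts} {user} {ip}: " + "; ".join(reasons))
```

Run against the constructed log, the script flags four of the five records: the domain admin signing in without MFA, a user arriving from a residential VPN range, a cloud admin whose blocked attempt came from such a range without MFA, and an otherwise ordinary blocked sign-in. The value of the approach is less the individual rules than having them encoded, so that the same questions are asked of every sign-in rather than only when an incident is already under way.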
How S&W can help your cyber security resilience
As the NCSC points out, “Criminal activity online, including business email compromise, account takeover, ransomware and data extortion, is rampant. Attacks like this are becoming more and more common.”
At S&W, we support the NCSC’s assertion that all organisations, of all sizes, need to be prepared. Our Digital Risk and Cyber Resilience teams are constantly engaged by clients to assess the risks they face, develop strategies and support programmes of change to improve and enhance resilience while continually testing and training their organisations.