From High Street to Hack: Lessons from the UK’s Biggest Retail Breaches

Our partners Citation Cyber are here to keep you up to date and prepared for all things cyber security. They help businesses like yours build resilience and awareness. Their latest blog is about what you can learn from the biggest attacks we’ve seen this year.

If you think cyber criminals are slowing down or taking a break, you’d be wrong. They’re levelling up, upskilling, and targeting more businesses than ever before. In 2024, over 40% of UK businesses reported a cyber attack or breach, with ransomware and phishing among the top threats.

One thing that’s changing is that threats are now playing out on the national stage. Retail giants like Marks & Spencer, Co-op, and Harrods have all been hit. Not just by the attacks themselves, but by the fallout: disrupted operations, damaged customer trust, and exposed weaknesses in their supply chains.

These aren’t isolated incidents. They’re a warning for every business, from high-street retailers to manufacturers, logistics firms, and hospitality providers. Still letting cyber resilience sit on the sidelines? It needs to be a priority. Part of your day-to-day.

The M&S cyber attack – what happened

In April 2025, M&S was hit by a ransomware attack that shut down its online operations in England, Scotland, and Wales for 46 days. The attack, reportedly linked to the financially motivated hacking group Scattered Spider and using DragonForce ransomware-as-a-service (RaaS), started with a phishing campaign that let the attackers steal login details.

From there, they gained deeper access into M&S systems and encrypted infrastructure including servers for order management, payment processing, and logistics. Staff were locked out, operations ground to a halt, and the online store was shut off.

The fallout

  • Lost revenue: An estimated £300m in missed online sales.
  • Customer frustration: Shoppers were unable to order during key sales periods.
  • Operational scramble: Their three-year IT overhaul plan was condensed into 18 months.
  • Internal disruption: Staff were forced to work on personal devices while communications were down.

M&S brought in external cyber security specialists, worked with law enforcement, and committed to big investments in cyber resilience.

Six lessons every business can take away

You don’t have to be a big retailer to be targeted or suffer serious consequences. No matter your sector or size, if you handle customer data, the fundamentals are the same:

  1. Create and test an incident response plan
    If you don’t already have one, you should. It means you’ll know what to do if your systems are compromised – who’ll do what, how you’ll communicate with stakeholders, and how you’ll recover securely.
  2. Test your current defences
    Let ethical hackers try to get into your systems before any criminals. They simulate real-world attacks on your systems to find any weaknesses.
  3. Train your team regularly
    Most breaches start with human error. Regular, practical training means your staff will be able to spot phishing emails, report suspicious activity, and avoid common mistakes.
  4. Secure your logins
    Use strong, unique passphrases and enable multi-factor authentication (MFA) wherever possible.
  5. Know your supply chain risks
    A weak link in your supplier network could be your downfall. Know who has access to your systems and don’t assume their security is at the same level as yours.
  6. Adopt a zero trust mindset
    This means no automatic access to your data or systems. Every user, device, and request should be verified every time. It’s simple, but it means attackers can’t move around your network even if they manage to log in.

Final thoughts

M&S took 46 days to recover. That’s not just lost sales. It’s lost loyalty, lost momentum, and heightened scrutiny. Cyber attacks like these prove that security isn’t a “nice to have”, it’s essential to keeping your business running and your reputation intact.

The good news is you don’t need a huge budget to start building resilience. You just need a plan, consistent action, and the right guidance.

Need help? We’re here.
Citation Cyber help UK businesses of all sizes build strong, smart cyber security. From phishing simulations and Cyber Essentials certification to penetration testing, we’ll help you take control.

Reach out to Paul, our Head of Partnerships, at [email protected] to find out how you can protect your assets and build resilience. Don’t wait for a breach to disrupt your business, take control of your cyber security strategy now.