M&S cyber incident shows no organisation is immune from targeted attacks, and what matters is how you respond

Over the last few weeks, there’s been a lot of noise surrounding a high-profile cyber attack on M&S, some of it informed, some of it not. As someone who works in cybersecurity, Mark Hughes, CSO at The National Lottery, has taken to social media to add a more grounded perspective.

As it released full-year results for the 52 weeks ended 29th March 2025, M&S this week said it will lose an estimated £300 million as a result of the cyber attack that has forced it to halt online orders and struggle to keep store shelves stocked. The attack has been linked to a hacking collective known as Scattered Spider.

Earlier this month, an M&S insider talked to Sky News about chaotic scenes at the UK high street giant and claimed there was no business continuity plan in place.

In a LinkedIn post, Hughes said: “Firstly just because one person interviewed by Sky News says there isn’t a plan, doesn’t actually mean there isn’t, it means that specific person wasn’t aware of it (probably because they aren’t relevant to responding to the attack). Writing such a story based on one insider’s gossip to the press is not the most robust piece of journalism in my view.”

He added: “The attack carried out by Scattered Spider is not your average cyber incident. This group are an advanced and aggressive threat actor who have targeted some of the world’s largest organisations using techniques that would test even the most mature security teams.”

What often gets missed in the commentary is what M&S actually did, Hughes argued. It has worked directly with the NCSC to understand and share threat intelligence - not just for its benefit, but to warn others.

It also operated under enormous pressure and kept business continuity moving during a live incident, and the transparency of its communications has been a lesson to all. In addition, M&S’s cyber and tech teams have been working around the clock for weeks - “a reality many of us in the field can relate to but few outside understand at all,” Hughes observed.

He concluded: “To be clear, no organisation is immune from targeted attacks. What matters is how you respond - and from what I can see, M&S responded with integrity, urgency, and a willingness to collaborate across the industry. This is my message to the M&S cyber and tech teams: your work matters. You’ve likely prevented others from falling victim, even while still managing your own recovery. That’s the kind of leadership our industry needs more of.”

University of Gloucestershire

The University of Gloucestershire has received £275,000 in funding to develop a smart cyber security hub in collaboration with Unielectronics, a wholesale business operating in the UK and international markets.

The two-year initiative is being delivered through a government-backed Knowledge Transfer Partnership (KTP), which connects academic institutions with industry to support innovation.

Unielectronics aims to strengthen its cybersecurity infrastructure and address vulnerabilities linked to system integration with global partners. The project will involve the design of a centralised cyber security management system that applies artificial intelligence, data mining, and algorithmic technologies.

The collaboration will leverage the university’s applied computing research and include the use of its FuturePark facility, a £5.8 million technology space developed to support industry and academic exchange. According to the university, the project is expected to enhance cybersecurity practices while providing practical applications of academic research.

Dr. Shujun Zhang, Professor of Applied Computing and Technology at the university, will oversee the academic component of the KTP. Zhang says: “I am delighted that we have secured this KTP. It provides us with a chance to transfer our expertise in the areas of AI, data mining, algorithms and smart system design and development to our industrial partner, Unielectronics. In doing so, we are able to address the cyber security issues associated with its special business-to-business (B2B) model.

“Though I have undertaken about 20 Knowledge Transfer projects, this one has particular technical and practical challenges. However, we will deliver the planned activities through close collaboration between our academic team and industrial partners.”
