Cyber Insights Report - May 19, 2025
M&S cyber attack: retail operations crippled, trust eroded
Prolonged disruption, exposed customer data and mounting pressure from regulators define a breach beyond simple data theft
Marks & Spencer (M&S), one of the UK's most established retailers, suffered a sustained cyber attack that forced the suspension of online orders, contributed to supply shortages, and triggered significant reputational and financial losses — over £750 million in market value wiped out. Customer data, including names, phone numbers and addresses, was also compromised, though no payment credentials were reported stolen.
Initial reports suggest the breach was not just a data grab, but rather a strategic operational takedown. The attack has persisted for weeks, underscoring how ransomware groups increasingly aim for reputational leverage and business continuity failure rather than just data monetization. The operational fallout — not the breach itself — is what's driving board-level concern.
Public sources suggest attackers exploited gaps in legacy infrastructure, particularly on-prem systems, to trigger widespread disruption. Experts believe the attackers are leveraging this chaos as the primary pressure point — prompting internal debates around ransom payment, regulatory response and brand recovery.
While the full details of the M&S cyber attack are still coming to light, public reports from industry sources, regulators and researchers offer early insights with far-reaching implications. This breach is more than a data event — it's a wake-up call for enterprise cyber resilience, and it challenges conventional assumptions around operational continuity, governance and preparedness in the face of inevitable disruption.
Source(s) & Further Reading:
- Intelligent CISO
- Rubrik Zero Labs: State of Data Security Report
- World Economic Forum: Cybersecurity Roundup May 2025
- World Economic Forum: What lessons in cyber resilience can be learnt…
Why this incident matters
The M&S breach reminds us that cyber events are no longer isolated IT issues — they are enterprise-wide operational crises. What makes this case particularly concerning is the duration and visibility of the disruption, which has shaken public confidence and exposed deep structural weaknesses in how organizations prepare for and absorb cyber shocks. It clearly shows that resilience, not just defense, determines the real-world impact of a breach.
- Downtime is the real disaster: The lasting damage came from weeks of online disruption, not immediate data loss.
- Legacy IT ≠ resilience: Dependency on on-prem systems and lack of contingency planning became central failure points.
- Regulatory exposure is intensifying: GDPR and NIS2 carry massive fines tied to preparedness, not just breach occurrence.
- Cyber insurance isn't a cure-all: Payouts hinge on proven controls. Trust, brand reputation and operational impact are not insured.
- Resilience, not just protection, is the mandate: As emphasized by Oxford and the WEF, businesses must assume compromise and architect accordingly.
This incident is not an outlier — it's a preview. With AI-powered threats and regulatory pressure rising, executives must shift from reactive security spending to integrated resilience strategies. The time to evaluate your continuity plans and business-level cyber exposure is before, not during, the next crisis.
What you should be thinking about
Five key questions every CISO or security lead should be asking themselves in response to this event:
- If your core systems went down for 10+ days, could your business still function?
- Do you understand your dependencies on end-of-life or on-prem infrastructure?
- Is your business continuity plan executable in a live ransomware scenario?
- Who in your organization is accountable for cyber resilience, not just cybersecurity?
- Have you aligned your incident response playbooks with insurers and regulators?
How WWT is positioned to help
WWT helps organizations go beyond detection and prevention. We architect cyber resilience across people, processes and infrastructure so that businesses can withstand, recover from, and adapt to real-world disruption. If the M&S breach teaches us anything, it's that recovery time, regulatory alignment, and brand trust are the new metrics of cyber readiness.
- Hour of Cyber: Cyber Resilience Edition: A focused 60-minute executive session designed to assess your readiness across data protection, cyber vaulting, immutable storage and operational continuity. Tailored to align your organization's recovery posture with the boardroom's expectations of resilience.
- Cyber Resilience Discovery Session: A deep-dive strategic workshop that maps your current state, critical applications and RPO/RTO goals. We align business priorities with recovery architecture and deliver actionable next steps to strengthen resilience across infrastructure, compliance and processes.
- MicDrop: Rubrik Capture the Flag (CTF): A hands-on, gamified lab experience simulating a real-world ransomware event. Learn how Rubrik Security Cloud helps detect, protect and recover using advanced threat analytics, AI-powered guidance via Ruby, and proven incident response workflows. Ideal for security teams, IT leaders and SOC staff.
- WWT Security Priorities Report: 2025: Our flagship report outlines four board-level priorities CISOs must act on this year, including comprehensive cyber resilience. Learn how to align tools, teams and governance to address modern threats while turning security into a true business enabler.
What's the next step?
Connect with Dominic Greco, Practice Director of Secure Data within Global Cyber's GS&A team, or coordinate with your local account team to identify the best path forward. We're here to support and guide the process.