Cyber Attacks Highlight Vulnerabilities in Retail Sector

In the last few years, cyber attacks have taken a heavy toll on some of the largest retailers. The concern has recently become particularly acute for Marks & Spencer (M&S). Reports have recently appeared on Reddit, where people who say they work for M&S posted about the work environment after a cyber breach. The BBC has not independently confirmed these allegations with respect to the workers’ identities. Unfortunately, this revelation is a sign of a larger, troubling trend. The Co-op has also been forced to shut down some IT infrastructure as a result of a separate cyber attack.

… the growing number and seriousness of cyber attacks … the whole state of cybersecurity is too ominous to recount. The large impact of this incident meant a critical state was declared following a ransomware attack that hit services managed by pathology company Synnovis. Sir Dan Moynihan, head of one of the UK’s largest and most high-profile academy chains, has called being hacked “an absolute nightmare.” Then in 2021, the Russian crime group REvil struck his company with a ransomware attack. They threatened to hold the projects to ransom, demanding an eye-watering £8 million. The hackers claimed they would publicize sensitive information if the ransom wasn’t paid within ten days.

Sir Moynihan opted to refuse these demands, leading to a drawn-out recovery process that took three months. As the leader of the multi-academy Harris Federation, he saw his organisation suffer huge losses during this period. The recovery efforts amounted to approximately £750,000. That meant a large-scale forensic cleanup of around 30,000 devices as well as forensically sound processes. The cyber attack resulted in the loss of over $300 million. It also caused the loss of lesson plans, important teaching materials, and registration systems.

Collectively, the scale of the problem goes well outside any one company’s or nonprofit’s capacity to address. In fact, last year, a UK government survey found that 74% of large businesses had experienced successful cyber attacks. This alarming statistic highlights the urgency for businesses to strengthen their cybersecurity efforts. Sir Charlie Mayfield, former chairman of John Lewis, highlighted that many firms now recognize their vulnerability to such attacks and are taking steps to mitigate risks.

As one UK retailer put it to the BBC, they’re “patching like crazy.” In doing so, they are preparing themselves to better defend against tomorrow’s cyber threats. This shift to a more proactive approach reflects an understanding of the drastic impacts cyber incidents can have. As enterprises race to fortify their digital perimeters in a world of escalating attacks, what we can learn from these attacks is more important than ever.

Here’s what M&S workers had to say on Reddit. Their stories humanize the damage that a cyber attack can do not just to an organization but to those employees whose operations are disrupted. While these accounts are unverified, they paint a disturbing picture of the fear and confusion workers experience during a crisis like this one. We must remember that cyber incidents do harm—physical harm, psychological harm, emotional harm—beyond financial damages. Beyond that, they can damage civilian morale and undermine faith in an organization’s capacity to safeguard personal and professional data.

As more companies start to feel the ripple effects of cybersecurity’s complexities, a partnership model between industry leaders could make all the difference. By pooling strategies, resources and insights, we can all build a new-found collective resilience against malicious cyber actors. By understanding lessons learned, companies can respond more effectively to future events and limit the impact when breaches do happen.
