Skip to content
City PM
  • Germany
  • France
  • Europe
  • Markets
  • Business
  • Opinion
  • DE
  • Germany
  • France
  • Europe
  • Markets
  • Business
  • Opinion
  • DE
Tuesday 08 July 2025 12:11 pm  |  Updated:  Tuesday 08 July 2025 1:08 pm

M&S chair: UK needs to muscle up to tackle cyber threats

By: Amber Murray

Retail Reporter

Add as a preferred source on Google
The board unaminously agreed to extend Norman's position as Chair
M&S was among a number of household names that suffered cyber attack losses

M&S chair Archie Norman has said the UK is probably underresourced to tackle cyber threats and needs to boost its security level to encourage investment.

Speaking to lawmakers on Tuesday, Norman said that the UK is “just not resourced up to operate at [the US] level.”

“It’s very advantageous if we in this country have leading cyber security experts, because we have a cyber services industry,” he said, adding that it should be “our aspiration” to have very high standards of cyber, very high quality advisors and good national authorities.

M&S suffered a serious cyber attack on April 17 via social engineering tactics, with hacking group Scattered Spider able to access systems and ultimately leading to a £300m hit to profit for M&S this financial year.

“It’s not an overstatement to describe it as traumatic,” Norman said. “We’re still in the rebuild mode, and we will be for some time to come.”

M&S has largely restored online services, but doesn’t expect to fully return to normal until August.

“It’s very rare to have a criminal act in another country or in this country… essentially trying to destroy your business,” Norman said. “It’s like an out of body experience.”

M&S chair: ‘Assume the perimeter is permeable’

Norman said that all online businesses were at risk of a cyber attack like M&S’s.

Read more

Gambit Cyber Launches Vizier AI – An Autonomous Security Intelligence Workspace for Continuous Exposure Management

“The right thing to do, if you’re in our business, is to assume that the perimeter is permeable. Ultimately, can they get in? They probably can, if they try hard enough,” he said.

“You [can] have all the preventions that you should have… double dual factor authentication, password control, everything like that. But this business is to assume that the perimeter is permeable,” he said.

Cyber attacks in retail overwhelmed the sector earlier this year, with the Co-op, Harrods, Dior, Cartier and North Face all reporting breaches or attempted breaches.

In Parliament on Monday, Conservative MP David Davis asked for an update on the “progress of the government’s actions to ensure that blackmailers of this sort do not succeed in future” in light of an “undisclosed sum” paid by a “major company” to their cyber attacker – although he declined to name them.

Minister of State for Security Dan Jarvis replied that the home office “recently closed a consultation into a world leading package of legislative proposals to counter ransomware, and a public response will be published shortly”.

Cyber expert Spencer Starkey has warned that actions must be taken, and soon, in light of the rapidly-improving strategies of cyber attackers.

“Threat actors are now exploiting vulnerabilities within 48 hours of disclosure – far faster than most organisations can patch,” Starkey said.

Read more

‘Act now’: AI models capable of attacks on governments months away, Five Eyes warn

GettyImages 158774123 showcases a relevant business meeting scene, highlighting diverse professionals engaged in discussion.

Share this article

  • Facebook
  • X
  • LinkedIn
  • WhatsApp
  • Email

Similarly tagged content:

Sections

  • News

Categories

  • Retail
  • Business

People & Organisations

  • cyber attack
  • cyber attacks
  • M&S
  • Marks & Spencer
  • Marks and Spencer
  • Marks and Spencer (M&S)

Trending Articles

  • I’ve taken the best train trips in the world. Here are my 5 favourites

  • Nothing fails to file accounts months after dissolution threat

  • Nottingham Forest owner Marinakis announces £210m stadium plans

  • Harry Styles at Wembley Stadium review: running through the grief

  • Burnham tax plans spark investor rush to bank capital gains

More from City PM

  • Gambit Cyber Launches Vizier AI – An Autonomous Security Intelligence Workspace for Continuous Exposure Management

    Business Wire
  • ‘Act now’: AI models capable of attacks on governments months away, Five Eyes warn

    Tech
    GettyImages 158774123 showcases a relevant business meeting scene, highlighting diverse professionals engaged in discussion.
  • The Debate: Should CEOs be held personally accountable for cyberattacks?

    Opinion
    Evil-looking keyboard symbolizing cybersecurity threats and hacking risks in a digital landscape.
  • Yubico Joins European Cyber Security Organisation (ECSO)

    Business Wire
  • Professional services firms the ‘flavour of the month’ for cyberattacks

    Prof Services
    The ICO said it initially planned to fine Capita a total of £45m, but this was later reduced by “mitigating factors”
  • Jaguar Land Rover eyes cost-cutting and wealthy buyers in cyber attack recovery

    Retail
    JLR logo prominently displayed in an automotive business setting, highlighting the companys brand presence and identity
  • Neo4j Acquires GraphAware to Launch Intelligence Analysis Alternative to Palantir Gotham

    Business Wire
  • Trump to reject UK plea over Anthropic ban as AI ‘kill switch’ fears grow

    Tech
    Getty Images logo on a modern office building exterior, symbolizing global influence in media and stock photography industry

City PM — European politics, business and analysis.

Europe

  • Germany
  • France
  • Europe
  • UK & Ireland

Topics

  • Business
  • Markets
  • AI
  • Technology
  • Opinion
  • Energy

More

  • Politics
  • Economics
  • Fintech
  • Legal
  • Sport
  • Life

Company

  • About City PM
  • Editorial Policy
  • Corrections
  • Contact
  • Terms of Use
  • Privacy Policy
  • Cookie Policy
© 2026 City PM · Published by CityPM Media, Bahnhofstrasse 65, 8001 Zürich, Switzerland
About · Editorial Policy · Corrections · Contact · Privacy