UK companies should have to disclose major cyberattacks, M&S says
Giving evidence to lawmakers on parliament's Business and Trade Committee on the April cyberattack which forced M&S to suspend online shopping for nearly seven weeks, Archie Norman said the group had learnt that "quite a large number" of serious cyberattacks never get reported to the National Cyber Security Centre (NCSC).
"In fact we have reason to believe there've been two major cyberattacks on large British companies in the last four months which have gone unreported," he said.
Norman said that meant there was "a big deficit" in knowledge in the cybersecurity space.
"So I don't think it would be regulatory overkill to say if you have a material attack ... for companies of a certain size you are required within a time limit to report those to the NCSC."
Norman declined to say if M&S had paid any ransom but said that subject was "fully shared" with the National Crime Agency and other authorities.
He said "loosely aligned parties" worked together on the M&S cyberattack.
"We believe in this case there was the instigator of the attack and then, believed to be DragonForce, who were a ransomware operation based, we believe, in Asia."
A hacking collective known as Scattered Spider that deploys ransomware from DragonForce has previously been blamed in the media for the attack.
"When this happens you don't know who the attacker is, and in fact they never send you a letter signed Scattered Spider, that doesn't happen," said Norman.
He said M&S didn't hear from the threat actor for about a week after it initially penetrated its systems on April 17 through a "social engineering" operation.
In May, M&S said the attack would cost it about 300 million pounds ($409 million) in lost operating profit.
Norman said M&S was fortunate in having doubled its cyberattack insurance cover last year, though its claim could take 18 months to process.
M&S resumed taking online orders for clothing lines on June 10 after a 46-day suspension but is yet to restore click and collect services.
Last week, M&S CEO Stuart Machin told investors the group would be over the worst of the fallout from the attack by August.
Nick Folland, M&S' General Counsel, told the lawmakers a major lesson from the crisis for businesses generally was to make sure they can operate with pen and paper.
"That's what you need to be able to do for a period of time whilst all of your systems are down," he said.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Fashion Network
2 hours ago
- Fashion Network
Christian Dior UK results show tough year, but womenswear and watches/jewellery shine
Dior UK has filed its accounts for 2024 and they show both turnover and profits falling at the British arm of the major French fashion house. See catwalk Turnover dropped 16% to just over £280 million and profit before tax was down 41% at £27.6 million. That figure had been £46.6 million in the previous year and £60 million in 2022. The gross profit percentage dipped 1% to 56% and final profit for the financial year fell 39% to £21.88 million. The company didn't give many details about current trading but said that it expects 2025 to be in line with 2024 in terms of profits. Looking back at 2024, it called the performance "solid" despite the unfavourable global economic environment and highlighted how gross profit remained strong while its operating profit percentage fell by only 4pts 'thanks to vigilant cost management'. The number of people the company employed on average in the UK also dropped by more than 40. It said it navigated the uncertain environment with 'resilience, showcasing the strength of its strategy and the quality of its products', particularly in its women's ready-to-wear division. That was up 2% while the watches/jewellery division rose an even better 5%. It didn't specify the categories in which it saw weakness. Of course, these UK accounts don't paint a full picture of the business given that the company is global and its HQ, including all-important functions such as design and marketing, is based in Paris. But nonetheless the figures do underline just how the tough the market has been in the UK, which was hit last year by a number of issues. They included the overall luxury downturn, the wider cost-of-living crisis and the absence of the tax-free shopping perk that had made luxury shopping in Britain a lot more attractive before Brexit.
Fashion Network
3 hours ago
- Fashion Network
Christian Dior UK results show tough year, but womenswear and watches/jewellery shine
Dior UK has filed its accounts for 2024 and they show both turnover and profits falling at the British arm of the major French fashion house. See catwalk Turnover dropped 16% to just over £280 million and profit before tax was down 41% at £27.6 million. That figure had been £46.6 million in the previous year and £60 million in 2022. The gross profit percentage dipped 1% to 56% and final profit for the financial year fell 39% to £21.88 million. The company didn't give many details about current trading but said that it expects 2025 to be in line with 2024 in terms of profits. Looking back at 2024, it called the performance "solid" despite the unfavourable global economic environment and highlighted how gross profit remained strong while its operating profit percentage fell by only 4pts 'thanks to vigilant cost management'. The number of people the company employed on average in the UK also dropped by more than 40. It said it navigated the uncertain environment with 'resilience, showcasing the strength of its strategy and the quality of its products', particularly in its women's ready-to-wear division. That was up 2% while the watches/jewellery division rose an even better 5%. It didn't specify the categories in which it saw weakness. Of course, these UK accounts don't paint a full picture of the business given that the company is global and its HQ, including all-important functions such as design and marketing, is based in Paris. But nonetheless the figures do underline just how the tough the market has been in the UK, which was hit last year by a number of issues. They included the overall luxury downturn, the wider cost-of-living crisis and the absence of the tax-free shopping perk that had made luxury shopping in Britain a lot more attractive before Brexit.
Euronews
8 hours ago
- Euronews
At least 17 inmates killed in Russian strike on Ukrainian prison
At least 17 inmates were killed and more than 80 were wounded after a Russian airstrike hit a Ukrainian prison in the southeastern Zaporizhzhia region, Ukrainian officials said Tuesday. The attack, which came late Monday, hit the Bilenkivska Correctional Facility with four guided aerial bombs, according to the State Criminal Executive Service of Ukraine. At least 42 inmates sustained serious injuries. One prison staff member was also among the injured. Governor of Zaporizhzhia region Ivan Fedorov said that the building's facilities were destroyed in the strike, which also damaged nearby residential buildings. The head of the Ukrainian presidential office Andriy Yermak denounced the strike as a "war crime". In a post on X, Yermak wrote that Russia "won't stop unless they are stopped." He called for "(Russian President Vladimir) Putin's regime" to "face economic and military blows that strip it of the capacity to wage war." The attack came shortly after US President Donald Trump said on Monday he was to reduce a 50-day deadline he previously set for Russia to agree to a truce in Ukraine to "10 or 12 days". Earlier this month, Trump said he would give Russia 50 days to reach a peace deal or face "severe" economic sanctions. Trump expressed disappointment with Russian President Vladimir Putin, who he said was continuing strikes against Ukraine despite US efforts to broker a ceasefire deal. "I'm going to reduce that 50 days that I gave him to a lesser number because I think I already know the answer what's going to happen," Trump said on Monday. Meanwhile, air raid alerts were announced in the regions of Chernihiv, Sumy, Kharkiv, Donetsk, Zaporizhzhia, Dnipropetrovsk, Poltava, Cherkasy and Kirovohrad. A missile strike on the city of Kamianske in the Dnipropetrovsk region killed two people and injured five — including a pregnant woman — the city's governor Serhiy Lysak said. He added: "A three-storey non-operational building has been partially destroyed. Nearby there are damaged medical centres: a maternity hospital and a department of the city hospital." According to the AFU Air Force, overnight on Tuesday, Russia attacked Ukraine with two Iskander-M ballistic missiles, 37 Shahed-type attack UAVs and imitation drones of various types. Air defence forces shot down or suppressed 32 UAVs, hit five drones and two missiles in three locations, with debris striking in two places.
