Search
00
GBAF Logo
trophy
Top StoriesInterviewsBusinessFinanceBankingTechnologyInvestingTradingVideosAwardsMagazinesHeadlinesTrends

Subscribe to our newsletter

Get the latest news and updates from our team.

Global Banking & Finance Review®

Global Banking & Finance Review® - Subscribe to our newsletter

Company

    GBAF Logo
    • About Us
    • Profile
    • Privacy & Cookie Policy
    • Terms of Use
    • Contact Us
    • Advertising
    • Submit Post
    • Latest News
    • Research Reports
    • Press Release
    • Awards▾
      • About the Awards
      • Awards TimeTable
      • Submit Nominations
      • Testimonials
      • Media Room
      • Award Winners
      • FAQ
    • Magazines▾
      • Global Banking & Finance Review Magazine Issue 79
      • Global Banking & Finance Review Magazine Issue 78
      • Global Banking & Finance Review Magazine Issue 77
      • Global Banking & Finance Review Magazine Issue 76
      • Global Banking & Finance Review Magazine Issue 75
      • Global Banking & Finance Review Magazine Issue 73
      • Global Banking & Finance Review Magazine Issue 71
      • Global Banking & Finance Review Magazine Issue 70
      • Global Banking & Finance Review Magazine Issue 69
      • Global Banking & Finance Review Magazine Issue 66
    Top StoriesInterviewsBusinessFinanceBankingTechnologyInvestingTradingVideosAwardsMagazinesHeadlinesTrends

    Global Banking & Finance Review® is a leading financial portal and online magazine offering News, Analysis, Opinion, Reviews, Interviews & Videos from the world of Banking, Finance, Business, Trading, Technology, Investing, Brokerage, Foreign Exchange, Tax & Legal, Islamic Finance, Asset & Wealth Management.
    Copyright © 2010-2026 GBAF Publications Ltd - All Rights Reserved. | Sitemap | Tags | Developed By eCorpIT

    Editorial & Advertiser disclosure

    Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

    Home > Headlines > UK companies should have to disclose major cyberattacks, M&S says
    Headlines

    UK companies should have to disclose major cyberattacks, M&S says

    Published by Global Banking & Finance Review®

    Posted on July 8, 2025

    3 min read

    Last updated: January 23, 2026

    UK companies should have to disclose major cyberattacks, M&S says - Headlines news and analysis from Global Banking & Finance Review
    Why waste money on news and opinion when you can access them for free?

    Take advantage of our newsletter subscription and stay informed on the go!

    Subscribe

    Tags:cybersecurityinsurancefinancial managementrisk managementbusiness services

    Quick Summary

    M&S chairman urges UK firms to report major cyberattacks, citing recent unreported incidents. M&S faced a costly cyberattack, highlighting the need for improved cybersecurity practices.

    M&S Calls for Mandatory Disclosure of Significant Cyberattacks in UK

    By James Davey

    LONDON (Reuters) -British businesses should be legally required to report material cyberattacks to the authorities, the chairman of retailer Marks & Spencer said on Tuesday, claiming two recent major attacks on large UK firms had gone unreported.

    Giving evidence to lawmakers on parliament's Business and Trade Committee on the April cyberattack which forced M&S to suspend online shopping for nearly seven weeks, Archie Norman said the group had learnt that "quite a large number" of serious cyberattacks never get reported to the National Cyber Security Centre (NCSC).

    "In fact we have reason to believe there've been two major cyberattacks on large British companies in the last four months which have gone unreported," he said.

    Norman said that meant there was "a big deficit" in knowledge in the cybersecurity space.

    "So I don't think it would be regulatory overkill to say if you have a material attack ... for companies of a certain size you are required within a time limit to report those to the NCSC."

    Norman declined to say if M&S had paid any ransom but said that subject was "fully shared" with the National Crime Agency and other authorities.

    He said "loosely aligned parties" worked together on the M&S cyberattack.

    "We believe in this case there was the instigator of the attack and then, believed to be DragonForce, who were a ransomware operation based, we believe, in Asia."

    A hacking collective known as Scattered Spider that deploys ransomware from DragonForce has previously been blamed in the media for the attack.

    "When this happens you don't know who the attacker is, and in fact they never send you a letter signed Scattered Spider, that doesn't happen," said Norman.

    He said M&S didn't hear from the threat actor for about a week after it initially penetrated its systems on April 17 through a "social engineering" operation.

    In May, M&S said the attack would cost it about 300 million pounds ($409 million) in lost operating profit.

    Norman said M&S was fortunate in having doubled its cyberattack insurance cover last year, though its claim could take 18 months to process.

    M&S resumed taking online orders for clothing lines on June 10 after a 46-day suspension but is yet to restore click and collect services.

    Last week, M&S CEO Stuart Machin told investors the group would be over the worst of the fallout from the attack by August.

    Nick Folland, M&S' General Counsel, told the lawmakers a major lesson from the crisis for businesses generally was to make sure they can operate with pen and paper.

    "That's what you need to be able to do for a period of time whilst all of your systems are down," he said.

    (Reporting by James Davey, Editing by Sachin Ravikumar and Susan Fenton)

    Key Takeaways

    • •M&S chairman calls for mandatory reporting of cyberattacks.
    • •Two major UK cyberattacks went unreported recently.
    • •M&S faced a significant cyberattack costing £300 million.
    • •Cyberattack insurance was crucial for M&S recovery.
    • •Businesses should prepare to operate offline during attacks.

    Frequently Asked Questions about UK companies should have to disclose major cyberattacks, M&S says

    1What does M&S propose regarding cyberattack reporting?

    M&S chairman Archie Norman suggests that UK businesses should be legally required to report material cyberattacks to the authorities.

    2How did the recent cyberattack affect M&S?

    The April cyberattack forced M&S to suspend online shopping for nearly seven weeks and is estimated to cost the company about 300 million pounds in lost operating profit.

    3What is the significance of the proposed reporting requirement?

    Norman believes that mandatory reporting would address the 'big deficit' in knowledge within the cybersecurity space, ensuring better awareness and response to such incidents.

    4What lessons did M&S learn from the cyberattack?

    M&S General Counsel Nick Folland emphasized the importance of being able to operate with pen and paper during system downtimes, highlighting the need for business continuity planning.

    5What is the status of M&S's online services post-attack?

    M&S resumed taking online orders for clothing lines on June 10 after a 46-day suspension but has yet to restore its click and collect services.

    More from Headlines

    Explore more articles in the Headlines category

    Image for Hungary's opposition Tisza promises wealth tax, euro adoption in election programme
    Hungary's opposition Tisza promises wealth tax, euro adoption in election programme
    Image for Thousands protest in Berlin in solidarity with Iranian uprisings
    Thousands protest in Berlin in solidarity with Iranian uprisings
    Image for Farmers report 'catastrophic' damage to crops as Storm Marta hits Spain and Portugal
    Farmers report 'catastrophic' damage to crops as Storm Marta hits Spain and Portugal
    Image for France opens probe against ex-culture minister lang after Epstein file dump
    France opens probe against ex-culture minister lang after Epstein file dump
    Image for If US attacks, Iran says it will strike US bases in the region
    If US attacks, Iran says it will strike US bases in the region
    Image for Suspected saboteurs hit Italian rail network near Bologna, police say
    Suspected saboteurs hit Italian rail network near Bologna, police say
    Image for Olympics-Protesters in Milan denounce impact of Games on environment
    Olympics-Protesters in Milan denounce impact of Games on environment
    Image for Olympics-Biathlon-Winter Games bring tourism boost to biathlon hotbed of northern Italy
    Olympics-Biathlon-Winter Games bring tourism boost to biathlon hotbed of northern Italy
    Image for US pushes Russia and Ukraine to end war by summer, Zelenskiy says
    US pushes Russia and Ukraine to end war by summer, Zelenskiy says
    Image for Russia to interrogate two suspects over attempted killing of general, report says
    Russia to interrogate two suspects over attempted killing of general, report says
    Image for Russia launches massive attack on Ukraine's energy system, Zelenskiy says
    Russia launches massive attack on Ukraine's energy system, Zelenskiy says
    Image for Ukraine backs Pope's call for Olympic truce in war with Russia
    Ukraine backs Pope's call for Olympic truce in war with Russia
    View All Headlines Posts
    Previous Headlines PostChina's Chery brand to launch in Britain with two new SUVs
    Next Headlines PostTrading with dictators, EU may be funding threats to itself, ECB says