Is your business protected from cyberattack?
It’s been a busy few weeks for cyberattacks, with three major High Street names targeted, highlighting the importance of being cyber aware and having a contingency plan in place should the worst occur.
Here, we look at recent incidents, the nature and increasing frequency of cyberattacks, and introduce PIB’s unique diagnostic tool able to identify vulnerabilities in your organisation that could make you susceptible to cyberattack – helping to keep your organisation cybersecure and well protected.
M&S cyberattack
First came the cyberattack on Marks and Spencer, which was targeted with ransomware over the Easter weekend. This is malicious software that locks the owner out of their computer and scrambles their data, with cyber criminals demanding a fee to unlock the systems.
The cyberattack caused M&S to temporarily shut down their online operations and has had a significant impact, as online transactions account for about a third of its clothing and home sales, representing around £3.8m a day. Its shares also dropped significantly in value as it struggled to manage the attack, with more than half a billion pounds wiped off the company’s value. The attack is thought to have been carried out by ransomware group DragonForce, who possibly rented out its malicious software to teenage hackers known as Scattered Spider.
Co-op and Harrods cyberattacks
A second incident followed shortly after with a major cyberattack on the Co-op funeral service, supermarket and insurance company, who disclosed that it had shut down part of its IT systems in response to hackers attempting to gain access. Co-op said it was taking proactive measures to fend off the attack, which had a small impact on its call centre and back office, and insisted the cyberattack was under control. Their remedial action appears to include updating every part of the system with the latest software, shutting off all remote access and requesting all Co-op workers not to post sensitive information into Teams chats and report any suspicious messages or emails.
Thirdly, luxury department store Harrods reported being hacked by cyber criminals. Harrods didn’t clarify the scale of the impact on its networks, saying: “We recently experienced attempts to gain unauthorised access to some of our systems. Our seasoned IT security team immediately took proactive steps to keep systems safe and as a result we have restricted internet access at our sites.” The flagship store remains open, and it continues to operate online sales.
Following these major incidents, the NCSC has extended its warnings about such attacks to all organisations in the UK, urging them to be vigilant. Richard Horne, chief executive of the National Cyber Security Centre (NCSC), the government body responsible for supporting organisations facing cyber threats, said the attacks should serve as a ‘wake-up call’, with the incidents exposing the sector’s mounting vulnerability to cyber threats.
All businesses at risk
The NCSC’s Cyber Security Breaches Survey 2025 provides a comprehensive overview of the cyber security landscape for UK businesses and charities, looking at trends in cyber security awareness, approaches to risk management, prevalence and impact of breaches, incident response and the evolving threat of cybercrime.
Their findings show that overall 43% of businesses and 30% of charities reported having a cyber security breach or attack in the last 12 months. This equates to 612,000 businesses and 61000 charities in the UK. While the figures represent a decrease compared to 2024, this is because slightly fewer micro and small businesses reported having phishing attacks. The prevalence of cyber breaches and attacks in medium and large businesses remains high, reported as 67% of medium and 74% of large businesses.
Good cyber hygiene practice - including insurance, risk assessment and continuity plans – had increased in small businesses and large businesses, but less so in medium businesses, and was in decline in high-income charities.
Phishing on the increase
Phishing attacks remain the most prevalent and disruptive type of breach or attack, experienced by 85% of businesses and 86% of charities, with such attacks time-consuming to address due to their volume and the need for investigation and staff training.
Interestingly, relatively few businesses were found to be taking steps to review the risks posed by their immediate suppliers and wider supply chain, but there was a growing awareness of the sophisticated methods used, including AI impersonation.
PIB one step ahead
As a matter of course your business should be cyber insured. Here, PIB is ahead of the field, providing not only wide-reaching cyber insurance that can be tailored to specific requirements, with access to IT forensics, data breach experts, extortion advisers, and cyber risk management tools, but also a new proactive, diagnostic tool, CyberPrepare, designed to help businesses identify vulnerabilities and implement effective cybersecurity measures.
How CyberPrepare can help
Available via a secure online portal, with continual access to an interactive dashboard, CyberPrepare has the capability to examine your organisation’s cyber resilience, breakdown your security and exposures, and advise on the level of cyber preparedness you have in place - in simple, understandable language. There are two key elements:
- Firstly, a non-invasive, state-of-the-art domain scan profiles your digital estate, examining your internal controls and evaluating your company’s security from an external attacker’s perspective. This helps to optimise your online presence, modify information and limit access points, increasing your resilience to cyberattacks.
- Secondly, a cyber questionnaire identifies risk from a defender’s perspective, giving insight into your cyber preparedness and security posture. Security controls are categorised into ransomware, phishing, social engineering, business email compromise and third-party vendor compromise.
Once both components have been completed, CyberPrepare provides a comprehensive resilience report, observing anything of note that has deeper implications, providing insights into your online presence that may give attackers intelligence, and setting out actions that need to be taken.
Talk to PIB today
Given today’s rapidly evolving digital risks, with the threat of cyberattack very real, potentially damaging your business, reputation and client base, and causing severe disruption, with financial implications, it’s never been more critical to evaluate your online weaknesses and put protection in place.
To learn more about CyberPrepare and how it can enhance your business’s cybersecurity resilience, visit www.cyberprepare.com. To speak to PIB about tailored cyber insurance for your business call 0330 058 9863 or email hello@pib-insurance.com
Sources
- M&S:
https://www.bbc.co.uk/news/articles/cg72kg5yn2ko
- Co-op:
- Harrods:
- Latest NCSC figures:
- CyberPrepare: