The good news? No evidence of a data breach.

The better news? M&S has been praised for swift, clear, and transparent communication across social media and direct customer emails.

But here’s the thing, this isn’t just an M&S problem. This is a sharp reminder that no business is immune to cyber threats – and without preparation, the damage can be far worse.

According to the Gov.uk Cyber Security Breaches Survey 2024 (published 9 April 2024):

• Only 17% of businesses and 12% of charities carried out a vulnerability risk assessment in the last year.
• Just 22% of businesses and 19% of charities have a formal cyber incident response plan.
  

So, has your business taken action? When was your last vulnerability assessment? Is your team ready to respond if it happened tomorrow? We offer bespoke vulnerability assessments, penetration testing, and incident response exercises to help local businesses like yours build real cyber resilience.

Key Takeaways from the M&S Cyber Incident:

1.Transparent Communication is Critical

Keep an up-to-date stakeholder contact list (customers, staff, suppliers, regulators, insurers).

Pre-prepare and regularly update your communication templates.

2. Build a Comprehensive Incident Response Plan

Include a full data map, communication diagrams, and technical steps.

Remember: under GDPR, you have 72 hours to report a data breach to the ICO.

3. Run Regular Cyber Simulations

We run cyber fire drills to test your response. Think tabletop exercises tailored to your business, with real-world scenarios that help your team sharpen skills and spot weak points.

4. Manage Third-Party Risks

Ask suppliers for their incident response plans.

Know where they sit in your supply chain risk.

Make third-party assessments part of your overall cyber strategy.

This isn’t just about ticking a box.

This is about preparing your business to respond fast, minimise damage, and maintain trust. Ready to chat? Let’s talk.

Our team is here to help you evolve your security, with lasting integrity.