">
Cybersecurity – why you need to take it seriously

In today’s always-online world, cybersecurity isn’t just something for the IT team to worry about – it’s a serious business risk. But let’s be honest, a lot of companies still don’t realise just how clever and damaging today’s cyber threats can be. The recent attack on Marks & Spencer (M&S) is a perfect example of how quickly things can go wrong.

M&S: a wake-up call for everyone

In April 2025, M&S was hit by a major cyber attack that threw its online operations into chaos for weeks. The breach – apparently linked to a third-party supplier – meant they had to pause online orders and even contactless payments in-store. They’re not expecting to be fully back on track until July. The cost? Around £300 million in lost profits and a £1 billion drop in market value.

What’s even more worrying is how the attackers got in. They didn’t break through some high-tech firewall – they used social engineering to trick someone into giving them access. And this happened even though M&S had run a cyberattack simulation just the year before. It just goes to show – even companies that are trying to stay ahead can still get caught out if they don’t continuously adapt their defences.

Why some businesses still think “It won’t happen to us”

Even with cyber threats making headlines, a surprising number of businesses still think they’re not a target. That kind of thinking usually comes from a few common blind spots:

  • They haven’t had a recent scare, so they assume they’re safe.
  • They rely too heavily on cyber insurance, thinking it’ll cover everything.
  • They don’t fully understand how modern attacks work – like phishing or supply chain breaches.
  • They underestimate the speed and scale of recovery costs when things go wrong.

The hidden costs of doing nothing

The financial damage from a cyber attack is only part of the story. Reputational harm, regulatory penalties and operational downtime can be even more devastating. Customers, investors, and partners lose trust quickly – and rebuilding that trust takes time and resources.

And here’s something else to think about: if you’re planning to sell your business or bring in investors, your cybersecurity setup matters. A weak cybersecurity setup can reduce a company’s valuation or even derail a deal.

What businesses should do now

Let’s face it – cyber threats aren’t going anywhere. If anything, they’re getting sneakier, faster, and more expensive to recover from. Whether you’re running a growing business or managing a well-established team, now’s the time to make sure your cybersecurity is strong. Here are six practical ways to help you stay ahead of the hackers:

1. Make cybersecurity everyone’s business

Cybersecurity isn’t just an IT department issue – it’s a whole-business issue. Get your leadership team involved, make it part of your risk planning, and treat it like the business-critical issue it is. If it’s not on your boardroom agenda yet, it should be.

2. Let AI do the heavy lifting

AI tools are brilliant at spotting strange patterns and flagging suspicious activity before it becomes a full-blown crisis. They can monitor your systems 24/7, learn from past threats, and even automate responses. Think of it as having a digital security guard that never sleeps.

3. Train your people (again and again)

Most cyber attacks start with a simple mistake – like clicking a dodgy link. Regular training helps your team stay sharp and spot the signs of phishing, scams, and other sneaky tactics. Make the training engaging, make it frequent, and don’t assume once is enough.

4. Lock down access

Strong passwords are a start, but multi-factor authentication (MFA) is even better. It’s like adding a second lock to your front door. Also, make sure people only have access to the data and systems they actually need – less access means less risk.

5. Patch it, update it, audit it

Outdated software is a hacker’s dream. Keep everything updated – your apps, your systems, your devices. And don’t forget your suppliers: if they’re connected to your systems, their security matters too. Regular audits help you spot weak spots before someone else does.

6. Have a plan (and practise it)

If a cyber attack hits, you don’t want to be panicking. Have a clear, tested plan for what to do – who to call, what to shut down, how to recover. Run drills so your team knows the drill. The faster you respond, the less damage you’ll face.

Final thoughts

Cybercrime isn’t just a hobby for teenagers in dark basements anymore – it’s big business. We’re talking about organised, well-funded operations that even have HR departments. And as we all rely more and more on technology, these threats aren’t going away.

Cybersecurity isn’t something you fix once and forget about. It’s an ongoing effort that takes attention, investment, and the ability to adapt. The M&S breach is a clear reminder: being unprepared can cost you far more than being proactive ever will.