Marks & Spencer (M&S) has had to hit the brakes on its online orders due to a recent cyber incident. This article dives into the aftermath of the attack and the upcoming Cyber Security and Resilience Bill that aims to bolster the UK’s defences against such threats.
The Cyber Attack
M&S has been affected by a significant cyber incident, resulting in the suspension of its online retail services since Friday. This situation places the retailer in the ranks of other major brands like Morrisons and Barclays, which have faced serious cyber issues that not only impact sales but also tarnish reputations. Regular attacks at crucial trading times disrupt not just individual businesses but the economy as a whole.
New Cyber Laws
The Cyber Security and Resilience (CS&R) Bill, announced in July 2024, is awaiting its introduction in Parliament. The government’s goal is to reinforce cyber defences across all sectors in the UK, influenced by EU legislation such as NIS2.
Why do we need the Bill?
The current UK cybersecurity laws, established under the Network and Information Systems Regulations 2018, are lagging behind other nations’ modern frameworks. Cyber-attacks are affecting not just private businesses but critical public infrastructure, as seen with the previous attack on NHS service provider Synnovis in June 2024.
What will the Bill achieve?
The CS&R Bill aims to expand the regulatory scope to include about 1000 Managed Service Providers in the UK, forcing more entities to comply with enhanced security measures. Regulators will adapt requirements by sector and ensure more transparency in cyber incident reporting, while also allowing the government to quickly respond to emerging threats.
NCSC views
The National Cyber Security Centre (NCSC) supports the proposals within the Bill, anticipating that it will provide robust protections against the increasingly sophisticated cyber threats confronting critical sectors in the UK.
The full measures of the CS&R Bill are expected to be revealed later this year, heralding a new era in the UK’s approach to cybersecurity and resilience amidst ongoing cyber challenges.
Key Points
- M&S has paused online orders due to a cyber incident affecting its services.
- Cyber incidents are becoming increasingly common, impacting businesses like M&S, Morrisons, and Barclays.
- The proposed Cyber Security and Resilience Bill aims to strengthen UK cybersecurity measures across all sectors.
- The Bill will require Managed Service Providers to adhere to enhanced security standards.
- The NCSC believes the new legislation can significantly improve the cybersecurity landscape in the UK.
Why should I read this?
If you’re keen to grasp the implications of cybersecurity in the business landscape, this article is a must-read. It not only shares M&S’s recent struggles but also highlights how upcoming legislation could transform the way businesses across the UK deal with cyber threats. This isn’t just about M&S; it’s about safeguarding the future of online retail and many sectors at large.