Digital extortionists threaten high-level British corporate offices with data captivity

Cyber attacks have drained UK businesses of £44 billion in lost earnings over the last five years, impacting more than half (52%) of the companies, according to insurance broker Howden.

The digital menace looming over businesses across the globe has been no joke, hitting the likes of Marks & Spencer, the Co-op, and Harrods. However, it's not just retailers on the chopping block – hackers can strike any company, in any industry, at any moment, anywhere on the planet.

For business leaders and investors, this reality can be a chilling prospect. Bosses of FTSE 100 firms and fledgling entrepreneurs alike are losing sleep over the fear of becoming the next victim.

According to insurance broker Howden, the past five years have seen UK companies suffer a staggering £44 billion in lost revenue due to cyber attacks, with 52% of companies reporting being affected.

Some have enlisted former hostage negotiators, skilled in dealing with blackmailers and terrorists, to help navigate these treacherous waters. Others have resorted to insurance policies to cover ransom demands, sparking concerns that the very existence of such coverage encourages the criminal activity.

Typically, hackers find their way in through weak points in a company's cyber defenses, like the IT systems of a supplier.

The attackers behind the strikes on M&S, Co-op, and Harrods have been traced to a group called DragonForce. Some experts believe they share similarities with a group of teenage blackmailers known as Scattered Spider.

Regardless of who's involved, these criminals orchestrated a crippling assault over the Easter bank holiday.

Top brass at M&S will be unwilling to pay a ransom, as demands are usually made via the dark web and hackers ask for payment in cryptocurrency.

Experts consider the M&S case, now in its third week, a classic example of a ransomware attack, where data systems are breached, crippled, and only released once a ransom is paid.

The damage inflicted on M&S is evident. Empty shelves, inaccessible online orders, sent-home warehouse staff, and a halted click-and-collect service are just some of the consequences. Contactless payments in stores have been restored, but recruitment has been stalled as fears grow that the cyber crisis could linger for months.

There's concern that working from home could be a risk factor. As mentioned in M&S's latest annual report, "the sophistication and frequency of cyber-attacks continue to increase as the company operates a hybrid work model."

Outsourcing IT to contractors is also an issue. M&S acknowledges, "our reliance on key third parties for selected services and/or hosting of data exposes us to risks from vulnerabilities in their cyber and data controls."

The Co-op admitted last Friday that hackers accessed the personal data of a significant number of its customers, including names and addresses but not passwords or financial information.

Back in November, Co-op's rival Morrisons was hit by hackers who targeted its warehouse technology supplier, Blue Yonder. The NHS, the Guardian newspaper, and the British Library have also fallen victim to ransomware attacks, causing temporary but significant disruptions.

In some cases, the damage has been fatal. Foreign exchange firm Travelex collapsed six months after a ransomware attack at the end of 2019, with administrators citing the incident as a major factor.

"It's a threat to all of us," said George Weston, chairman of Primark owner Associated British Foods. Cyber crime is "a risk you're never fully on top of, no matter how hard you work at it."

His views are echoed by Barclays chief executive CS Venkatakrishnan, who stated, "we spend a lot of time, attention, and money on cyber security," adding, "this I think is for the foreseeable future close to the top of any business leader's list of things to worry about and spend time on."

When it comes to the M&S attack, he said, "we always try to stay one step ahead, but, as this incident seems to indicate, it is a very dangerous world out there, so we do our best to protect ourselves, learn from others."

At Lloyds, finance chief William Chalmers emphasized the bank's investment in cyber security: "We've spent hundreds of millions of pounds on cyber security," adding, "the scale of the threat to businesses across the board was laid bare in a recent Government report."

That report stated, "for the serious and organized crime gangs behind the global fraud industry, ransomware is an increasingly lucrative part of their operations." Ransomware attacks on UK firms "significantly increased between 2024 and 2025," the report added, with approximately 19,000 companies falling victim over the period.

According to the National Cyber Security Centre, 76% of UK businesses experienced a cyber security incident in the past year. Most were low-level 'phishing' attacks, where fake emails or websites are used to obtain passwords or sensitive information for financial gain.

Smaller firms are not off-limits and can even be viewed as softer targets. One key question is whether companies are appointing enough board directors with cybersecurity expertise.

Most chairmen and CEOs are in their 50s or above – decades older than the teenage hackers of Scattered Spider who've grown up online. It appears that boardrooms may have grown weaker in this respect, with a 2021 study showing that nearly 40% of company boards had a director with specific responsibility for cybersecurity, a figure that has since dropped to just over a quarter.

Professor Oli Buckley of Loughborough University expressed his dissatisfaction, stating, "Ultimately, the buck stops with the chief executive and the board. Boards don't need to become experts in the technical minutiae such as firewalls or encryption, but they do need to be actively engaged, ask the right questions, and ensure the right structures are in place."

Cyber insurance has grown due to the escalating cost of ransomware attacks. These policies generally cover business interruption losses incurred during an attack, the cost of restoring IT systems, and even ransom-related expenses, such as negotiations or legal advice – up to a predetermined limit.

However, insurers conduct sanctions and financial crime checks before approving payouts and do not reimburse payments made to terrorist organizations.

The extent to which companies pay ransoms to stop an attack is unknown. "Cyber insurance is not a silver bullet," explained Prof Buckley. "Insurers require organizations to demonstrate strong cybersecurity controls before offering comprehensive cover, in the same way your contents insurance requires locks on the doors."

For investors, cybersecurity is crucial, given the potential damage it can inflict on share prices. M&S shares, which were climbing strongly, have tumbled more than 8%, erasing £700 million from the company's stock market value (see chart).

Susannah Streeter at investment platform Hargreaves Lansdown warned, "it's a wake-up call for organizations to ensure their IT systems have fortress-like security given the determination of hackers to cause widespread disruption and both financial and reputational damage."

The problem lies in the fact that, no matter how hard a business may try to secure its systems, they must be watertight at all times, while hackers only need to be successful once.

Additional reporting by Emily Hawkins, John-Paul Ford Rojas, and Richard Marsden.

  • Top brass at M&S are considering cyber insurance policies to cover potential ransom demands, recognizing the escalating cost of ransomware attacks.
  • If a company's IT systems are breached, investing in technology and cybersecurity could be crucial for share prices, as seen with M&S stocks plummeting after the hack.
  • For pensions, it's essential to invest wisely in companies that prioritize cybersecurity to mitigate risks and ensure long-term financial security.
  • The increase in ransomware attacks highlights the need for insurance firms to include coverage for cybersecurity incidents, protecting businesses and their clients from financial loss.