Unreported Cyber Attacks: The Hidden Threat to British Businesses
British businesses may face legal obligations to report cyberattacks, following the revelation of unreported incidents affecting large UK firms, including Marks & Spencer. Lawmakers were informed of significant knowledge gaps in cybersecurity. The call for mandatory reporting aims to close these gaps and enhance collective cybersecurity resilience.

British businesses are under scrutiny for not reporting significant cyberattacks, with proposed legislation possibly obligating companies to disclose these incidents. Marks & Spencer's chairman, Archie Norman, highlighted two unreported attacks on major UK firms over the past four months. Norman testified before parliament's Business and Trade Committee regarding an April cyberattack that forced M&S to halt its online shopping operations for nearly seven weeks.
Norman revealed that serious cyberattacks often go unreported to the National Cyber Security Centre (NCSC), creating a 'big deficit' in cybersecurity knowledge. He argued that mandatory reporting of material attacks for companies of a certain size was not over-regulation. The recent attack on M&S, attributed to Scattered Spider and DragonForce, cost the company around 300 million pounds in operating profit.
M&S resumed some services months after the attack, though challenges remain, including claim settlement and system restoration. CEO Stuart Machin expressed optimism about recovery by August, while General Counsel Nick Folland advised businesses to ensure operational continuity with manual processes during system outages.