Cybersecurity is a necessity not a luxury, says government minster

Recent attacks show extent of serious, organised crime

The recent wave of cyber-attacks on well-known retailers should serve as a “wake-up call” for businesses across the UK, a senior government minister has warned.

Chancellor of the Duchy of Lancaster Pat McFadden, speaking at the government’s flagship cybersecurity event, CYBERUK 2025, has said that the recent disruption suffered by Marks & Spencer, Co-op and Harrods has shown the cybersecurity is not a nice-to-have, but a necessity.

McFadden said:

“These cyber-attacks are not a game. Not a clever exercise. They are serious organized crime. Their purpose is to damage and extort. It’s the digital version of an old-fashioned shake down. Either straight theft or a protection racket where your business will be safe as long as you pay the gangsters.”

The attacks on the three retailers, which are thought to have begun at Easter, are currently being claimed by DragonForce, a Ransomware-as-a-Service (RaaS) syndicate. The people behind the attack are being associated with the Scattered Spider group – a widely distributed, and loosely connected group of teenagers and young adults mainly based in the Uk and US.

The hackers contacted several media outlets, including the BBC and Bloomberg, to prove that that not only had they infiltrated the three UK retailers' IT networks, but had also exfiltrated customer and employee data. Customers have been warned to be vigilant about unusual phone calls and messages and to avoid repeating passwords across multiple sites.

Mark & Spencer is still struggling to get its online business operating as normal after the attack, and there have been gaps on shelves in stores for more than a week. Whilst it’s the type of retailer which enjoys customer loyalty, there is only so long customers are prepared to wait.

McFadden emphasised in his speech that cybersecurity offers a huge economic opportunity for the UK, saying the sector is a “prime target for economic growth” in the government’s upcoming Industrial Strategy. There are more 2000 cybersecurity businesses across the UK and the sector is growing.

“We’re already the third largest exporter of these products and services in the world,” McFadden pointed out.

McFadden was also at the event to launch a report outlining how AI will enable cyber threat actors to become more effective and efficient over the coming years. The report warns of AI both increasing the available attack surface for criminals and also shortening the time it takes for cybercriminals to exploit vulnerabilities.

Commenting on the report’s findings, Sabeen Malik, VP Global Government Affairs & Public Policy at Rapid7, welcomed McFadden’s speech, but emphasised the importance of collaboration between public and private sectors.

“It’s good to see the UK government acknowledge the importance of public-private cooperation at CYBERUK today. Effective cyber policy must involve those with frontline expertise and experience.

The private sector’s technical capabilities and situational awareness must be combined with the government’s broader strategic view of national and international threats to combat cybercrime.

For this to be truly effective, governments need to design partnerships that actively analyse the data gathered to identify which behaviours and deterrents actually work within the UK’s unique risk environment.

“A more dynamic and data-driven exchange between sectors is key to strengthening the UK’s cyber resilience. This will result in both public institutions and businesses being better equipped to defend against evolving threats.”