British businesses fear hackers could completely wipe them out following the devastating cyberattack on Marks & Spencer, a survey has found.
Two thirds of security leaders at medium and large sized companies in the UK admit an assault on a similar scale could ‘cripple’ their organisation.
Experts have warned the financial damage from ransom demands and clean up costs can often cost millions of pounds – enough to jeopardise some firms’ futures.
The poll by Absolute Security was carried out just weeks after M&S was hit over the Easter holidays, costing the retailer £300m and shaving £1bn off its market value.
M&S boss Stuart Machin recently admitted the attack – caused by ‘human error’ – had been ‘the most challenging situation we’ve encountered’.
Security leaders further revealed staff still working from home remained a major problem, with 62% revealing remote devices were the ‘biggest weakness’ in their digital defences.
Over half – 51 per cent – of the businesses polled had been hit by a ransomware attack in the past year, with 59 per cent citing it as their biggest concern.
The consequences of such an attack are profound, with 63 per cent of the 250 security leaders polled in May revealing the financial loss from ransomware could cripple their organisation.
British businesses fear hackers could completely wipe them out following the devastating cyberattack on Marks & Spencer, a survey has found
The average cost of a ransomware attack on businesses is £850,000 in the UK – but this can rise exponentially for larger firms.
The LockBit group demanded £65m demanded after hacking the Royal Mail in 20243.
The recovery costs from a cyberattack last year on Synnovis, a pathology services provider for the NHS that led to the cancellation and delay of thousands of medical procedures, were estimated at £32m – over seven times the company’s annual profits.
Several UK firms have already gone bust following cyberattacks.
In 2020, Peterborough-based Travelex went into administration after being hit by a cyber attack by the notorious criminal gang REvil – who demanded a £4.6m ransom – on New Year’s Eve.
The attack caused a month of disruption, with staff unable to use computers to keep track of trading, and impacting high-profile clients including Barclays and Asda.
The company said it ‘had a large part to play’ in the company filing for insolvency later that year, with 1,300 employees losing their jobs.
KNP Logistics – one of the UK’s largest privately owned logistics groups – suffered a similar fate after a huge ransomware attack in June 2023. Three months later, it blamed the cyberattack when it was claimed bankruptcy, making 730 staff redundant.
Over the past month, major UK retailers – including M&S, Co-op, and Harrods – were hit by a wave of coordinated cyberattacks attributed to a hacker group known as Scattered Spider
Over the past month, major UK retailers – including M&S, Co-op, and Harrods – were hit by a wave of coordinated cyberattacks attributed to a hacker group known as Scattered Spider.
The attacks primarily used so-called ‘social engineering’ tactics, in which criminals manipulate employees into sharing sensitive information to get them into internal IT systems.
As a result,one of the biggest challenges remains the threat posed by staff working from home, with critics claiming employees refusing to come into the office often fail to install up-to-date security on their laptops for weeks or even months.
The survey revealed 60 per cent of security leaders believe remote working has ‘complicated’ their ability to defend against cyberattacks.
Jake Moore, global security advisor at cybersecurity software company ESET, said: ‘It’s not surprising that the majority of medium and large businesses would see their future thrown into doubt after a cyberattack.
‘Ransom demands are often in the millions, but even when the ransom isn’t paid, the costs associated with recovery and lost revenue can be staggering.
‘In some cases, such as with M&S, the clean up operation can even cost far more than the original ransom payment forcing an unbelievably difficult decision at the time of attack.’
Andy Ward, SVP at Absolute Security, said: ‘Recent high-profile cyber attacks have highlighted just how vulnerable major British retailers—and indeed many UK businesses—have become. Cybercriminals now have the capacity to severely disrupt, or even dismantle, organisations at scale.
‘Our research reveals that many large and medium-sized UK businesses believe that a serious cyber incident could cripple their operations or threaten their very survival.’