REPORTAGE: Marks & Spencer Cyber Crisis Deepens: Website Outage Highlights Years of Security Failures
May 24, 2025
Málaga: Saturday, 24th May 2025 at 12:00 CEST
By Iain Fraser/Reportage & Andy Jenkinson CIP
SMECyberInsights.co.uk – First for SME Cybersecurity
Google Indexed on 240525 at 13:30 CET
The cybersecurity saga engulfing British retail giant Marks & Spencer (M&S) took another dramatic turn this week, as its main website went dark during the night, sparking concern across the business and security community. The site was offline for several hours before resuming limited functionality shortly after 7:00am.
M&S attributed the outage to “overnight updates”—a phrase that has done little to quell growing unease among customers and industry watchers. The downtime comes as the company grapples with the fallout from a major ransomware attack last month, which continues to cripple online operations. E-commerce capabilities have remained offline since 22 April, with full-service restoration not expected for weeks.
Behind the technical disruption lies a far more troubling truth: Marks & Spencer has for years failed to implement basic cybersecurity controls, leaving it exposed to precisely the kind of attack it suffered. Industry sources and analysts confirm that a range of internet-facing assets remained unpatched and unmonitored, creating clear pathways for exploitation.
These failures are not just technical oversights—they are violations of critical legal and regulatory frameworks. M&S is now believed to be in breach of multiple standards including the UK Data Protection Act, GDPR, PCI-DSS, and the Digital Operational Resilience Act (DORA). Each of these mandates exists to protect consumers and ensure organisations maintain a minimum standard of digital hygiene.
As public trust erodes and regulatory pressure mounts, cybersecurity experts are urging M&S to prioritise remediation efforts and overhaul its current security posture. Without urgent action, the retailer risks prolonged operational paralysis, customer data exposure, and heightened legal scrutiny.
This developing crisis serves as a cautionary tale for other UK businesses: cybersecurity negligence is no longer an internal IT problem; it's a boardroom and brand survival issue.
About Andy Jenkinson
Group CEO CIP. Fellow Cyber Theory Institute. Director Fintech & Cyber Security Alliance (FITCA) working with Governments. Recognised Expert in Internet Asset & DNS Vulnerabilities.
Andy Jenkinson is a senior and seasoned innovative Executive with over 30 years’ experience as a hands-on lateral thinking CEO, coach, and leader.


























