M&S chair calls for mandatory reporting of cyber attacks after "traumatic" ransomware incident - but will it do more harm than good?
Briefly

Marks and Spencer chair Archie Norman advocated for mandatory disclosure of cyber attacks by companies, revealing that M&S suffered a ransomware attack in April, which resulted in an estimated loss of £300 million in sales. The company is currently in 'rebuild mode' and expected to resume full operations soon. Norman described the attack as traumatic and clarified that it was executed through sophisticated social engineering rather than security flaws. He suggested that despite damage incurred, paying a ransom was unlikely to be a viable solution.
The chair of Marks and Spencer emphasized that companies should disclose cyber attacks, revealing that they suffered a ransomware attack causing up to £300 million in sales loss.
Archie Norman described the ransomware attack as traumatic and admitted M&S is in 'rebuild mode' following the incident, indicating a difficult recovery process.
Norman noted that the cyber attack involved sophisticated social engineering tactics, contradicting claims of a security lapse, and highlighted challenges faced by cybersecurity teams.
He suggested that paying a ransom would have been illogical since the systems were already compromised and substantial damage had already occurred.
Read at IT Pro
[
|
]