Monday morning’s Today Programme (01/05/2025) on BBC Radio 4 cast a sharp spotlight on the growing wave of cyber attacks confronting UK organisations. With Marks & Spencer still struggling to recover from a major cyber incident, host Amol Rajan spoke to two leaders who have experienced the real-world impact of these attacks: Sir Charlie Mayfield, former chairman of John Lewis, and Sir Dan Moynihan, CEO of the Harris Federation.

Together, they offered a sobering glimpse into what happens when complex systems are brought down by ransomware and how businesses and institutions must respond. It’s a conversation that mirrors the increasing focus across industry on cyber resilience, a focus shared by platforms like Cyber Tzar, which help organisations prepare for exactly these scenarios.

This article was inspired by the recent cyber attacks across UK retail, specifically those on Marks & Spencer and the Cooperative, plus the attack on the Harris Federation (of Schools), as reported on BBC Radio 4’s Today Programme (01/05/2025). This interview will be unavailable after a month, but you can still read excerpts at “Inside the Breach: What M&S and the Harris Federation Reveal About UK Cyber Vulnerabilities”.

M&S Offline: What It Means for Retail

Marks & Spencer remains unable to process online orders. Its click-and-collect service is suspended, and in some stores, shelves are going bare. The National Cyber Security Centre has issued warnings to the wider retail sector, while the Metropolitan Police begin their investigation. Meanwhile, the Co-op has faced a similar disruption, having had to isolate parts of its own IT infrastructure.

Sir Charlie Mayfield acknowledged the pressure M&S is now under:

“Clearly it’s going to affect sales, and it’ll also be affecting the operations of the business in terms of the cost they’re incurring to fix it… It’s pretty all-consuming.”

Retail is now fully entwined with digital systems, and the fallout is immediate when those systems go down. As Mayfield put it:

“Online shopping has completely transformed retail… As technology becomes more pervasive, the risk of this kind of attack rises with it.”

The financial and operational costs are high, but the reputational damage can be even worse. That’s what attackers count on.

“They’re criminals,” Mayfield said. “They’re after disruption and they’re after data with which they can effectively blackmail organisations into paying.”

When asked whether true resilience is even possible in today’s threat environment, Mayfield responded bluntly:

“You can’t ever be fully resilient. What you have to be is constantly improving your resilience, because all businesses are vulnerable.”

This is a principle echoed in Cyber Tzar’s work across sectors: resilience isn’t binary—it’s continuous. Monitoring risk posture, surfacing vulnerabilities, and benchmarking readiness are part of a dynamic, ongoing process.

And these incidents are far more common than the headlines suggest.

“These attacks are happening a lot more than people think… Most don’t get anything like the coverage that a household name like M&S gets.”

Recovery is not quick or easy.

“This isn’t the sort of thing you can switch on and off in a 24 or 48 hour period,” Mayfield warned.

Lessons from a School System Under Siege

Sir Dan Moynihan’s Harris Federation, comprising 55 schools serving disadvantaged communities, was targeted by the Russian ransomware group REvil in 2021.

“We were hacked in 2021 by a group of Russian hackers called REvil… Their purpose was to blackmail us into paying $4 million.”

The attack crippled their systems.

“We lost access to teaching materials, lesson plans, registration systems. Our phone systems went out. We couldn’t pay our staff. It was an absolute nightmare.”

The Federation brought in external specialists to handle the situation, experts who even deployed a hostage negotiator.

“We approached a firm of cyber specialists who had a hostage negotiator… He pretended to be a young IT worker and stalled the hackers.”

This bought them time to rebuild.

“It took us about 3 months to get back to where we started and it cost us about £750,000,” Moynihan explained.

But the logistical task was enormous:

“We had 30,000 devices that had to be individually cleaned.”

Moynihan’s ethical stance remains firm. Despite the pressure, they refused to pay the ransom.

“Don’t pay. Don’t encourage the criminals,” he said, citing not only the Federation’s principles, but also the risk of making schools even more of a target if ransom payments became routine.

This kind of moral clarity underlines the importance of forward planning. For institutions like the Harris Federation, and for the clients Cyber Tzar supports in education and beyond, preparedness is not just technical—it’s ethical.

The Takeaway: Resilience, Vigilance, and Moral Resolve

From high street retailers to education providers, the message is clear: cyber attacks are not rare events—they are now a persistent threat. Organisations must plan not just to prevent attacks, but to withstand and recover from them.

As Mayfield noted, true resilience is not a fixed state:

“What you have to be is constantly improving your resilience.”

And in moments of crisis, leadership matters. Moynihan’s refusal to pay was a stand for principle, but also for long-term deterrence.

Whether you’re running a retail chain or a school trust, the same questions apply: Can we respond effectively? Can we protect our people and our data? And are we willing to make difficult decisions in the face of blackmail?

Cyber resilience may be complex, but it begins with a simple commitment: be ready.

At Cyber Tzar, we help organisations turn that commitment into action through intelligent risk scoring, continuous vulnerability monitoring, and clear insights across your digital supply chain. Whether you’re facing ransomware threats, regulatory pressure, or reputational risk, we make resilience measurable, manageable, and actionable.

Now is the time to strengthen your defences, before attackers test them for you.

Explore how Cyber Tzar can help at: cybertzar.com
