
What companies can learn from 3 of the biggest data breaches in the UK

Emily Davidson

17 July 2025


In the past few months, a high-profile data breach at Marks & Spencer has sent shockwaves through the UK’s digital landscape. However, this is by no means the first or the last high-profile breach, with other notable examples including EasyJet and the NHS.  

These incidents not only exposed personal data on an unprecedented scale but also highlighted systemic weaknesses that cyber threats continue to exploit. It is essential for all organisations to learn from these events, adapt their security posture, and prepare for the coming regulatory shifts under the Cyber Security and Resilience Bill. 

What are the main takeaways from these high-profile breaches?

The Marks & Spencer breach 

In early 2025, M&S fell victim to a sophisticated ransomware attack that extracted customers’ names, addresses, and order histories. Despite firewalls and endpoint protection, the attackers still obtained encrypted data and threatened to publish it. The group behind it is prolific and is also thought to be responsible for the attack on Co-op and an earlier attempted attack on Harrods. Stuart Machin, the M&S Chief Executive, confirmed the attack was the result of ‘social engineering’ via a third party, in which employees were tricked into handing over access. As of 8 July 2025, M&S has lost £300 million in gross profits as a result of this attack.

Lesson: It’s essential that all members of your team undergo rigorous cyber security training to ensure knowledge gaps aren’t exploited by cyber criminals. Human error is a risk that applies to every single organisation. Implementing a Zero Trust architecture is also essential in this case, ensuring access is only given to those who need it, using strict identity verification, and leveraging end-to-end encryption.  

The EasyJet breach

EasyJet’s breach impacted around nine million customers, with email addresses and travel details compromised, as well as some credit and debit card data accessed. The exact cause of the attack is unknown; however, we know it involved unauthorised access to their systems in a highly sophisticated manner.  

Lesson: Robust perimeter defences are no longer sufficient. You must implement file integrity monitoring, network segmentation, and immutable backups to ensure rapid recovery. As cyber threats become increasingly advanced, the continuous evolution of your security posture is critical. 

The NHS breach

The NHS incident stemmed from a ransomware attack on a software supplier, affecting over 79,000 patient records and disrupting critical services. It illustrates how a weakness at a supplier can have serious consequences for your own organisation.

Lesson: Supplier and supply-chain risk management must be integral to your security strategy. Conduct thorough due diligence, enforce security standards on vendors and maintain incident response plans that account for third-party failures. 

What about the Cyber Security and Resilience Bill?

The UK government’s forthcoming Cyber Security and Resilience Bill, a cornerstone of the broader Plan for Change, will expand existing regulations to reinforce the nation’s digital defences. Key provisions include: 

  • Beyond critical national infrastructure, digital service providers and supply-chain partners will fall under mandatory security standards 
  • All cyber incidents, including ransomware events, must be reported within 24 hours. This replaces the previous 72-hour window under UK GDPR 
  • The Information Commissioner’s Office (ICO) will gain greater powers to impose fines and sanctions for non-compliance 

Organisations must prepare now by accelerating compliance initiatives, updating incident response playbooks and embedding security controls that will soon become statutory requirements. 

The recent breaches at M&S, EasyJet and the NHS serve as stark reminders that no organisation is immune. As cyber threats grow more sophisticated and regulatory pressures increase, UK businesses must embrace a proactive, resilience-focused mindset. 

By adopting continuous risk assessments, zero-trust architectures, advanced detection and response, and stringent supply-chain governance, and by preparing for the new Cyber Security and Resilience Bill, you can safeguard your data, maintain customer trust and secure your licence to operate in an increasingly digital economy. 

Curious about what the consequences of a data breach might be for your business? We break it down in our blog about the legal consequences of data breaches. However, if you need a more comprehensive idea of what the financial ramifications of a breach would be on your business, we can put a number on this for you here.