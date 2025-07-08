Marks & Spencer chairman Archie Norman has described the recent ransomware attack on the retailer’s systems as something akin to an “out-of-body experience” as he called for cyber attack victims to be brave, bite the bullet, and be open and transparent about their experiences.

Speaking before the Business and Trade Sub-Committee on Economic Security, Arms and Export Controls – in a session at which representatives from fellow attack victim Co-op Group and various cyber experts including former National Cyber Security Centre (NCSC) chief Ciaran Martin also gave evidence, Norman said that while he did not believe government can regulate its way to security, there was a role for it to play in making sure learnings from security incidents are discussed and dispersed, particularly at boardroom level.

He said M&S wanted to use its experience for the benefit of government and other businesses. “I’ve already got one or two boards that have invited me to come and see them and share our war stories, which I will certainly do,” he said.

“We do think that mandatory reporting is a very interesting idea,” said Norman. “It’s apparent to us that quite a large number of cyber attacks never get reported to the NCSC. In fact we have reason to believe there have been two major cyber attacks on large British companies in the last four months which have gone unreported.

“We think that’s a big deficit in our knowledge as to what’s happening. I don’t think it would be regulatory overkill to say if you have a material attack … for companies of a certain size you are required within a time limit to report those to the NCSC and that would enhance the central intelligence body around this.”

He said that early on – before reports of a cyber attack hit the front pages – M&S had shared all the information it had about the ongoing incident with the National Cyber Security Centre (NCSC) so that it could alert other retail businesses, likely including Co-op Group. He also revealed that M&S had received an undisclosed level of support from the US FBI, saying that the FBI was “more muscled up” in this regard.