8 July 2025 - UK economic security - Oral evidence

After acknowledging the attack in April, the company was forced to suspend all online sales for weeks and its website operations are not expected to be fully restored for another month or so. It is believed some customer data was also breached. Marks and Spencer has estimated the attack will hit this year's profits by £300 million. 

At around the same time in April, the Co-op Group disclosed “unauthorised access attempts” that disrupted customer and back-office services.  

What happened in these two cases and what does it tell us about UK’s approach, across the public and private sectors, to countering a commercial and economic risk that may be growing to the point where it becomes “uninsurable”?  

Rt Hon Liam Byrne MP, Chair of the Commitee, said: “This was not just a costly disruption. It was a cyberattack that broke through the digital defences of two of Britain’s most cherished retail institutions—Marks and Spencer and the Co-op—in quick succession.

“That should ring alarm bells. Because if attackers can reach these giants, they can reach anyone. The risk is no longer remote but pervasive and, some fear, uninsurable.

“This session is part of our wider inquiry into a simple question: in these new times how do we safeguard the nation’s economic security, on which the security of the realm now depends?   On Tuesday, we’ll continue our work searching for the truth about the new risks we must now face, and the defences now needed to keep the nation’s economy safer.”

Across four panels that also include national security and law enforcement experts, the Committee will seek to: 

- understand the cyber-security threats facing UK businesses of all sizes now 

- understand how well the UK’s response to economic crime is co-ordinated and resourced  

- understand what changes are needed to legislation and resourcing for the UK’s future economic security and growth.