The Scattered Spider/Dragonforce cyber attacks that struck Marks & Spencer and Co-op during the spring have been classed as a Category 2 cyber event on the UK Cyber Monitoring Centre’s (CMC’s) recently launched ‘hurricane scale’, with total costs likely to end up somewhere between £270m and £440m.
The CMC – an arm’s-length body set up by the insurance industry to assess the impact of cyber attacks on the UK and help organisations better manage their risk profiles, and backed by cyber experts including former NCSC lead Ciaran Martin – said that based on its incident categorisation matrix, the incident had had a “substantial financial impact” and resulted in “economic reverberations “across third-party suppliers, franchisees and supporting services”.
In their assessment, the CMC team described the impact from the event as “narrow and deep” with significant implications for both companies and knock-on effects spreading to their suppliers, partners and service providers. This is in stark contrast to a “shallow and broad” event like the CrowdStrike incident of July 2024, where a far larger number of businesses suffered but the impact to any one…
