In response to a wave of increasingly sophisticated cyberattacks targeting UK organizations, particularly in the retail sector, the UK government has announced a series of decisive actions to bolster national cyber resilience and curb the growing threat of ransomware.

Recent high-profile incidents — including those affecting Marks & Spencer, Harrods, and the Co-op — have brought the issue into sharp focus.

These attacks, attributed to groups such as Scattered Spider and DragonForce, exploited social engineering tactics to infiltrate IT systems, leading to widespread operational disruptions, compromised data, and significant financial loss.

The attacks have shaken consumer confidence and exposed vulnerabilities in even the most well-established businesses.

In a statement this week, the National Cyber Security Centre (NCSC), the UK’s leading cyber authority and part of GCHQ, confirmed that ransomware incidents across the country have risen sharply since the start of the year.

The NCSC is currently working closely with affected organizations, offering direct incident response support and providing guidance to the broader retail and business sectors on strengthening cyber defences.

Government takes action

As part of its broader response, the government is introducing new measures aimed at deterring attackers and improving organizational preparedness:

  • Cyber Security and Resilience Bill: A new bill will be introduced to Parliament in the coming months. It aims to enforce stronger baseline cybersecurity practices across all sectors and increase the uptake of essential protections like multi-factor authentication, patch management, and employee training.
  • Ban on Ransomware Payments: In a significant policy shift, the government is moving forward with a ban on ransomware payments for public sector organizations and critical national infrastructure providers. The Home Office is currently consulting on this proposal, citing the need to break the financial incentive model that fuels ransomware gangs.
  • Mandatory Reporting Regime: Plans are also underway to establish a mandatory reporting framework for ransomware and other cyber incidents. This would require businesses to notify authorities promptly when they are targeted, improving the UK’s ability to assess threats and coordinate national response efforts.

The role of the NCSC

The NCSC has reiterated the importance of early reporting and proactive defence. As a central hub for cybersecurity in the UK, it offers detailed guidance on how to prevent, detect, and respond to a range of cyber threats — from phishing and malware to denial-of-service and ransomware attacks.

The Centre urges all businesses, especially those in the retail sector, to:

  • Report suspected cyber incidents via Action Fraud or directly to the NCSC.
  • Adopt NCSC-recommended practices, such as securing remote access, regularly updating software, and educating employees about common threats.
  • Engage with cybersecurity consultants to assess and strengthen their cyber posture.

What’s at stake

Cyber incidents, as defined by the NCSC, include any breach of a system’s integrity or availability, unauthorized access to data, and malicious disruption. With retail giants suffering millions in losses and reputational damage, the urgency for reform is clear.

“The recent attacks are a wake-up call for all UK businesses,” said an NCSC spokesperson. “Cybercrime isn’t a distant threat — it’s happening here and now. We must treat cyber resilience as a strategic priority, not a technical detail.”

As the government moves forward with its legislative and policy agenda, organizations are being warned that compliance is no longer optional. In a digital economy, cybersecurity is national security — and the stakes have never been higher.