Nearly a third of office staff are secretly using AI tools at work, risking data breaches, compliance failures, and loss of intellectual property.

Ivanti’s latest Technology at Work report reveals that 42 per cent of employees now use AI daily, but many do so without approval. For example, 36 per cent believe it gives them a hidden edge, while others worry about job security or fear judgement from colleagues. Crucially, even 38 per cent of IT professionals admit to using unauthorised tools, despite knowing the risks.

This covert use of AI, dubbed ‘shadow AI’, is raising red flags across the industry. As Ivanti’s legal chief Brooke Johnson warns: “Employees adopting this technology without proper guidelines or approval could be fuelling threat actors”. Also, a separate study by Veritas found over a third of UK staff had fed sensitive data into chatbots, often unaware of the potential consequences.

Several major firms, including Apple, Samsung and JP Morgan, have already restricted workplace AI use following accidental leaks, but Ivanti warns that policy alone isn’t enough i.e., businesses must assume shadow AI is already happening and act accordingly.

To reduce the risk, companies should enforce clear AI policies, educate staff, and monitor real-world usage. Without visibility and oversight, AI could turn from productivity tool to security liability.

As Europe faces a worsening housing shortage, a new generation of construction robots is being pitched as a solution, but how realistic is the idea, and what does it mean for sustainability, workers, and the industry as a whole?

Rethinking the Way We Build

Housing shortages aren’t new, but in parts of Europe (including the UK) they’ve now reached critical levels. Spiralling costs, strict planning rules, and a growing mismatch between supply and demand have pushed home ownership further out of reach for many. At the same time, the construction sector is facing a crunch of its own.

While other industries have embraced automation and innovation, it seems that construction has remained largely unchanged. For example, today’s building sites largely feature bricks, mortar, manual labour, just as they would decades ago (although there are modern hoists and plant machinery). Arguably, the result is that building is still relatively slow, and is suffering from higher costs and dwindling productivity.

One telling statistic is that, although since 1945 productivity in manufacturing has increased more than eightfold, in construction, it’s only risen by just 10 per cent, and in some cases, has actually gone backwards. For example, building a single-family home now takes longer and costs more than it did 50 years ago, even after adjusting for size. Labour shortages are also compounding the issue. In the UK, the number of bricklayers recently hit a 25-year low, with a third expected to retire within the next decade.

This stagnation is feeding into the wider housing crisis. The shortage of skilled workers delays projects and drives up costs. Meanwhile, urban populations continue to grow, and government targets, such as the UK’s pledge to build 300,000 new homes a year, are consistently missed.

It seems, therefore, that the response by some technologists to propose a different approach may be welcome at this point, i.e. rather than simply trying to build more with the tools that have always been used, suggesting that a total rethink on building is needed.

Robot Builders?

The newest suggestion by some scientists is that autonomous robots, guided by AI and precision software, could take on repetitive and labour-intensive tasks, e.g. laying bricks, moving materials, and even assembling entire walls.

The idea is that robots could help us build faster, more affordably, and with less waste. This is a vision that blends technological ambition with an urgent social need, but the real question is whether this kind of innovation can change things for the better, or whether it’s another idea that will get stuck at the planning stage.

Bricklaying

Amsterdam-based startup Monumental is among those exploring whether robotics could reshape construction. The company has developed a suite of autonomous, electric robots designed to handle one of the most repetitive and labour-intensive tasks on site, i.e. bricklaying.

The system combines:

– Ground-based electric robots that move materials around a site.

– Small crane-like arms that place bricks and apply mortar.

– Computer vision and sensors to track exact positioning.

– A software platform, called Atrium, that maps the environment and guides the robots with millimetre precision.

Each robot is connected to a central coordination system that plans movements, detects site changes, and ensures accuracy in real time. Before building starts, a full 3D scan of the site is taken and aligned with digital building plans. From there, the robots get to work, layer by layer and brick by brick.

Work Alongside Human Builders

It should be noted here that the system is actually designed to work alongside human builders rather than to replace them. For example, labourers still prepare the site, oversee quality, and step in where needed. Monumental calls its approach “software-defined construction”, aiming for flexibility and integration rather than wholesale automation.

Does It Work?

So far, Monumental reports that the robots have built house façades, retaining walls, and other real-world structures across the Netherlands. For example, in 2023, the system completed its first full-scale 15-metre wall, and the company says performance has improved significantly with each iteration, helped by rapid software and hardware updates based on field testing.

The real aim, according to co-founder Salar al Khafaji, is to lay the groundwork for much broader automation, i.e. rather than just bricks, the robots also being able to work with concrete blocks, window frames, door frames, roofing elements, and more.

For now, Monumental appears to be focusing on reliability and practical deployment. The system is offered as a service where clients simply specify the bricks and mortar, and Monumental delivers the finished wall.

Who Else Is Building With Robots?

Globally, construction robotics is actually gaining momentum. In the US for example, Built Robotics offers autonomous trenching and earthmoving systems for infrastructure projects. ICON, known for its 3D-printed homes, has built houses for disaster relief and was recently awarded a $57 million NASA contract to develop construction tech for the Moon.

In Japan, the Shimizu Corporation is experimenting with robots that can handle everything from interior finishing to welding. Closer to home, the UK’s Construction Innovation Hub is exploring off-site manufacturing techniques that integrate robotics for modular building components.

Each approach varies, but the end goal is to make construction faster, more precise, and less dependent on scarce labour.

What It Could Mean for Sustainability

As well as being slow and expensive, traditional construction methods are also environmentally costly. According to the Global Alliance for Buildings and Construction, construction and building operations are responsible for nearly 40 per cent of annual global carbon emissions!

Robotic construction could offer several environmental benefits, such as:

– Electric robots like Monumental’s generate zero on-site emissions and reduce noise pollution.

– Precision placement, which can reduce material waste and rework.

– Faster builds, thereby lowering the overall energy footprint of each project.

By reducing reliance on diesel-powered machinery and minimising disruption, robotic systems could also be better suited to urban infill projects, where sustainability and community impact are closely scrutinised.

That said, the broader carbon impact also depends on material choices, energy sources, and supply chain factors, which robots alone can’t fix.

How Ready Is the Technology?

Despite the progress, fully autonomous building sites remain a long way off. Most current systems (including Monumental’s) focus on specific, repetitive tasks such as bricklaying or trench digging. Complex structural work, finishing, and systems integration still require human expertise.

Performance metrics are still emerging, but Monumental’s field projects suggest the technology is edging closer to commercial viability. The company claims its robots can build continuously, avoid common errors, and scale up with multiple units on one site.

Crucially, it has opted to work within existing construction norms, using conventional bricks, mortar, and pricing structures. This has helped reduce resistance among cautious builders, though long-term data on cost savings and productivity is still limited.

Implications for the Industry and Workforce

With labour shortages biting across Europe (19 countries were reporting a bricklayer shortage in 2022), automation may fill some urgent gaps. In the UK, where one-third of bricklayers are due to retire in the next decade, demand is unlikely to ease.

However, using robots raises familiar questions around job displacement. Even if robots assist rather than replace workers, fewer may be needed on site. That could reshape the training landscape, shift demand towards tech-savvy roles, and put pressure on traditional trades.

For construction firms, although automation could help meet delivery targets, especially for large-scale housing projects, costs, reliability, and integration still weigh heavily. Monumental’s “robot-as-a-service” model, which avoids capital investment and ties pricing to output, is one attempt to lower that barrier. Whether others will follow remains to be seen.

Governments, Policy, and the Housing Crisis

In places like Monumental’s home country, the Netherlands, where the government has committed to building one million homes by 2030, robotic construction may offer a helpful lever, but not a panacea.

In the UK, housing policy remains politically fraught, and delivery targets have repeatedly been missed. If robotic systems can offer faster build times, safer sites, and lower carbon footprints, they could become part of the toolkit for councils and developers alike.

Still, regulation, standards, and public trust are likely to play a major role. Construction robots may be technically impressive, but mass adoption will depend on how convincingly they can be integrated into real, everyday projects.

What Does This Mean For Your Organisation?

It seems there’s no single fix for Europe’s housing crisis, but the slow pace and inefficiency of traditional construction methods have clearly become part of the problem. As this article has highlighted, robotic systems like Monumental’s offer one possible route towards building more homes, more quickly, and with fewer emissions. What’s striking is not just the innovation itself, but the way it’s being packaged, i.e. pragmatic, incremental, and designed to slot into existing workflows rather than disrupt them completely.

In the UK, developers under pressure to meet housing targets may find robotic services attractive, particularly for repetitive or labour-intensive parts of the build. Construction firms willing to engage with these tools early on could gain a competitive edge, especially as skilled labour becomes harder to find. Also, tech providers, equipment suppliers, and training organisations may see growing demand for systems integration, on-site support, and workforce upskilling.

That said, the adoption curve is unlikely to be smooth. Much depends on how well these technologies perform under real-world pressures, how quickly costs come down, and whether builders, regulators and insurers are willing to adapt. Jobs will change (i.e. some may go, others will evolve) and this raises big questions for education, employment policy, and worker protections.

For policymakers and local authorities, there will need to be a balance between embracing robotic construction to help unlock stalled housing developments and support sustainability goals, and rethinking procurement, planning frameworks, and public trust in new technologies. If done carefully, it could support a more resilient and forward-looking housing system. If rushed or poorly managed, it may risk further complicating an already difficult landscape.

What’s clear is that the conversation has moved on from theoretical hype to practical possibility where, although robots aren’t going to replace the construction industry, they may quietly start rebuilding how it works.

Microsoft Copilot Pages is a new editable workspace, like Word, integrated with Copilot. It enables AI-assisted content creation, editing, sharing, tagging, and collaboration across documents on desktop and mobile.

[Note – To Watch This Video without glitches/interruptions, It may be best to download it first]

This tech tip shows you how to effortlessly block unwanted contacts and silence annoying unknown callers, giving you peace of mind and distraction-free messaging.

Blocking Unwanted Contacts:

– Open WhatsApp and go to the chat with the contact or number you want to block.

– Tap the contact’s name or number at the top of the chat.

– Scroll down and tap “Block” or “Block Contact”.

– Confirm that you want to block the contact.

Muting Unknown Callers:

– Go to WhatsApp Settings (three dots or gear icon).

– Tap “Account” > “Privacy”.

– Scroll down to “Calls” and toggle on “Silence Unknown Callers”.

By following these simple steps, you can effectively manage unwanted contacts and calls on WhatsApp, saving yourself time and hassle.

Despite the whirlwind of hype, new research suggests that generative AI chatbots like ChatGPT and Claude have, so far, made barely a ripple in the labour market, leaving jobs and wages largely untouched.

A Grounded Reality Check

A comprehensive study by economists Anders Humlum (University of Chicago) and Emilie Vestergaard (University of Copenhagen) has found that the economic impact of generative AI chatbots on workers has been negligible. Their paper, Large Language Models, Small Labor Market Effects, analysed data from over 25,000 workers across 7,000 Danish workplaces between 2023 and 2024, focused on 11 occupations considered highly susceptible to AI disruption, including software developers, journalists, legal professionals, and teachers.

No Significant Impact

According to findings published in the paper, despite widespread adoption, most firms encouraged chatbot use, 38 per cent deployed in-house models, and 30 per cent of employees received AI training. Crucially, the study found no significant changes in earnings or working hours across any occupation. The researchers, therefore, concluded that “AI chatbots have had no significant impact on earnings or recorded hours in any occupation.”

Just Modest Productivity Gains

It seems that while users reported modest productivity gains, averaging time savings of 2.8 per cent to 5.4 per cent of their weekly hours, these did not translate into reduced workloads. In fact, AI adoption led to new tasks for 8.4 per cent of workers, such as supervising AI outputs or adapting workflows to accommodate the technology.

Other Research Supporting The Findings

Other recent research has also reached similar conclusions. For example, a separate analysis by Barclays, led by economist Mark Cus Babic, examined AI exposure across various occupations and industries in the U.S. and Europe. The study found that less than 10 per cent of core job tasks could be better performed by AI. Interestingly, occupations most exposed to AI were not always at risk of being replaced. For example, while roles like proofreaders and typists are more susceptible to automation, professions requiring significant interpersonal skills, such as translators, are less replaceable.

Contrary to fears of widespread job losses, therefore, the Barclays analysis found that AI exposure correlated with employment growth, not reduction.

However, this study also noted that AI exposure was linked to slower wage growth, with rising AI exposure reducing annualised wage growth by up to 0.74 percentage points.

Contrasting Findings

While these studies suggest a limited immediate impact of generative AI on jobs and wages, other recent research presents a more nuanced picture. For example:

– A 2024 PwC report found that sectors with high AI penetration experienced nearly fivefold greater labour productivity growth compared to less exposed sectors. In the UK, job postings requiring AI skills were growing significantly faster, with employers offering a 14 per cent wage premium, particularly in legal and IT roles. The findings were based on global employment and productivity data tracked by PwC’s Economic Outlook research team.

– A 2023 study by researchers from the University of Oxford and the University of Copenhagen, analysing online labour market data from platforms like Upwork and Freelancer, observed a decline in demand for text-related and programming-related jobs following the introduction of ChatGPT. However, the remaining jobs in these submarkets became more complex, and competition among freelancers increased, suggesting a shift in the nature rather than the volume of work.

– Joint research published in 2023 by the International Labour Organisation and the World Bank indicated that generative AI could potentially automate between 2 per cent and 5 per cent of jobs across Latin America and the Caribbean. The study warned that women and younger workers in formal employment sectors were likely to be disproportionately affected, especially in roles involving routine cognitive tasks.

The Implications

In terms of the implications of the most recent University of Copenhagen research, the minimal immediate impact on jobs and wages may prompt AI developers to reassess their value propositions. It seems that while the technology holds promise for enhancing productivity, the anticipated economic benefits have yet to materialise at scale.

Also, based on these findings, companies investing in AI may want to temper expectations regarding short-term labour cost savings. Instead, the focus could shift towards leveraging AI for incremental efficiency gains and exploring new business models that integrate AI capabilities.

In terms of what this could mean for governments and policymakers, the findings appear to suggest that fears of an imminent AI-induced employment crisis may be overstated. However, the potential for AI to reshape job tasks and create new roles underscores the need for policies that support workforce adaptability, such as reskilling initiatives and education reforms.

As for workers, while it seems (according to this study) that AI has not yet led to significant job displacement, its integration into the workplace is undoubtedly altering job responsibilities. This could mean that workers may need to adapt by acquiring new skills and embracing lifelong learning to remain competitive in an evolving job market.

Perception vs Reality?

One of the more striking contrasts emerging from this research is the growing gulf between how AI is perceived and how it’s actually performing in economic terms. It seems that public debate has largely centred around the threat of mass job displacement, with headlines warning of “white-collar extinction events” and sweeping automation of knowledge work. Yet the data so far simply doesn’t back that up.

For example, a 2024 Ipsos MORI survey found that 61 per cent of UK workers believe AI will significantly reduce job availability within the next decade. However, this fear appears to be driven more by speculation and media narratives than current evidence. Researchers like Humlum and Vestergaard stress that even in sectors with widespread chatbot adoption, measurable labour impacts have been “remarkably muted”.

This mismatch between expectations and evidence could have real consequences, potentially fuelling anxiety, political pressure, or misaligned policy responses. It also raises a challenge for AI companies and advocates, i.e. how to communicate realistic use cases and limitations without losing investor interest or public trust.

What Does This Mean For Your Business?

What this research ultimately seems to reveal is a still-unfolding story, and one that is far less dramatic than the early hype may have suggested. While it’s true that generative AI is being widely adopted across white-collar industries, it looks as though the impact on wages and jobs appears, for now, to be largely neutral. That’s not to say AI isn’t changing the workplace (far from it). However, the kind of sweeping disruption that many predicted simply hasn’t (yet) arrived.

For UK businesses, this latest research provides a valuable window of clarity. It means that rather than expecting AI to deliver immediate cost savings through workforce reductions, firms may find more tangible returns in using chatbots to refine workflows, support staff with repetitive tasks, and free up time for more valuable work. In practical terms, that means revisiting where AI fits in the broader business model, not as a silver bullet for efficiency, but as a support tool, and one that still needs oversight, training, and adaptation to work effectively.

For governments, the findings highlight the importance of measured, evidence-based policymaking. While it’s right to prepare for potential shifts in the labour market, it seems there’s currently no need for panic. The real focus might be better placed on supporting agility within the workforce, e.g. through investment in digital skills, better access to lifelong learning, and guidance for employers on effective technology adoption.

Meanwhile, for AI developers, the study is a reminder that user adoption doesn’t always equal economic impact. The technology may be advancing rapidly, but converting that into broad-based value remains a work in progress. As such, the next wave of innovation may need to focus less on scaling up infrastructure, and more on proving real-world outcomes, especially for sectors still unsure how to integrate these tools meaningfully.

In short, this research invites recalibration and puts things a little more in perspective. Generative AI is here, it’s being used, and it’s shaping how work gets done, yet its impact (at least for now) appears to be evolutionary rather than revolutionary. The real question may no longer be whether AI will replace jobs, but whether we’re ready to redesign the way we work alongside it.

In this Tech Insight, we look at how a major ransomware attack on M&S could happen, who was behind it, how it caused such widespread disruption, and what it means for the company, its customers, and the wider UK retail sector.

What Happened and When?

To help understand how the cyber attack on Marks & Spencer unfolded, here’s a timeline of events from early disruption to the continuing impact on customers, stores, and services:

– 29–31 March. Customers across the UK reported issues with contactless payments and Click & Collect services in M&S stores. At the time, the problems appeared to be routine glitches.

– Early April. M&S confirmed it was dealing with a “cyber incident” and took key internal systems offline to contain the disruption.

– Friday 26 April. M&S suspended all online orders via its website and mobile apps as the situation escalated. Some stores began to report empty shelves. Food halls displayed signs blaming “technical issues” for limited product availability.

– End of April. Further disruption affected in-store services. Gift cards could not be used, food store returns were unavailable, and job applications were taken offline. Speculation grew over the cause and scale of the incident.

– By 2 May. Online shopping remained unavailable with no clear restoration timeline. In-store issues continued, and M&S had yet to confirm when normal operations would resume.

What Kind of Attack, and by Whom?

Cybersecurity researchers and law enforcement sources have since confirmed the incident was a ransomware attack, i.e. a form of cybercrime where attackers encrypt a company’s systems and demand a ransom in exchange for a decryption key.

The group thought to be behind the attack are a loose, English-speaking collective known as Scattered Spider (also known in some circles as Octo Tempest). The group of hackers has gained notoriety for previous high-profile hits, including on MGM Resorts and Caesars Entertainment in the US.

Different

It seems, however, that Scattered Spider operates differently from many of the more traditional ransomware gangs linked to Russia or Eastern Europe. For example, their tactics are sophisticated and often rely on “social engineering”, i.e. impersonating staff over the phone or via email, bypassing security by tricking help desks and IT teams into granting access. In some cases, they’ve used phishing, SIM-swapping, or multi-factor authentication fatigue techniques to break in.

Gained Access In February?

In M&S’s case, some reports suggest the attackers may have gained access as early as February, exfiltrating data before deploying the ransomware payload using malware linked to another group known as DragonForce. The malware encrypted access to vital servers, triggering the cascade of outages that followed.

Was It a Direct Hit, Or Through a Supplier?

One mystery that remains unresolved, however, is how the attackers actually gained entry in the first place. While M&S has not disclosed technical details, some industry insiders have suggested the compromise may have originated through a third-party supplier, a growing concern in the age of interconnected cloud platforms and shared vendor infrastructure.

This approach would make sense in terms of it being the same tactic used in previous Scattered Spider campaigns, where attackers exploited weaknesses in identity management systems like Okta or Microsoft Entra, or leveraged supplier access to leapfrog into target systems.

What’s the Damage So Far?

The fallout from the attack has been both operational and financial. Estimates of the damage caused include:

– £3.8 million in daily online sales lost. M&S’s e-commerce arm reportedly takes in nearly £4 million a day, all of which has ground to a halt.

– Over £500 million wiped from its stock market value. Uncertainty over the scale and duration of the attack spooked investors.

– Empty shelves and store disruption. Particularly in food halls, where logistics and supply chain systems were knocked offline.

– Job ads pulled and staff sent home. Over 200 vacancies vanished from the M&S careers page, and some warehouse workers were told not to come in due to low volume.

Beyond the financial hit, the reputational cost could, of course, be much worse. For example, customers expecting digital convenience, seamless returns, and reliable stock levels have been met with error messages and handwritten signs. For a retailer that prides itself on trust and quality, the breach has struck at the heart of the brand.

Harrods and Co-op Too

Worryingly for the retail sector, M&S isn’t alone. For example, within days, Harrods confirmed it too had been targeted by a cyberattack. While the impact appeared more contained (involving restricted internet access across its stores) it marked another breach of a high-profile UK retailer.

Meanwhile, the Co-op has confirmed that it was also the victim of a cyber attack affecting one of its IT systems. Although the company initially said the disruption had been contained by proactively shutting down affected systems, further investigation revealed that attackers were able to access and extract personal data. This is reported to have included names, contact details, and dates of birth linked to a significant number of current and former members.

However, the Co-op has stated that no passwords, payment data, or transaction history was compromised and that its loyalty and payment systems remain secure. That said, clearly the breach prompted a wider response involving the National Cyber Security Centre and the National Crime Agency. Customers have been urged to stay alert for suspicious activity, and the company has apologised while confirming that it is working closely with data protection authorities to manage the incident.

Although there has been no interruption to food supplies or store operations, the breach has exposed how even a relatively contained cyber event can present serious privacy and reputational risks. In a sector that depends so heavily on trust and repeat custom, this kind of incident can have lasting implications.

These incidents appear to follow an alarming pattern, i.e. it looks as though UK retailers are becoming increasingly attractive targets for cybercriminals looking to cause widespread disruption, and score a quick payday.

Why The Food Sector Is Now a National Cyber Target

While banks and energy firms have long been classed as “critical infrastructure”, attacks like the one on M&S have raised fresh questions about whether food supply chains should be treated with similar urgency.

For example, Dr Harjinder Singh Lallie of the University of Warwick has described the incident as a “red flag” for the food industry’s cyber readiness, and has warned that “attacks like these can seriously disrupt access to basic necessities.” The relevance of this point was all too clear as M&S shoppers saw bare shelves and delayed orders first-hand.

Also, cybersecurity experts have called attention to the knock-on effects of this kind of attack, i.e. a single ransomware attack can ripple across supply chains, logistics providers, warehouse networks, and even government services that depend on consistent delivery.

It seems that the interconnectedness of these systems makes them simultaneously efficient and dangerously vulnerable.

Lessons

Cybersecurity specialists have suggested that the attack on M&S highlights how modern hackers are no longer just exploiting technical flaws. For example, they are now increasingly targeting the trust between companies and their suppliers, employees, and service partners. Analysts have, therefore, stressed the need for stronger identity verification, tighter control over third-party access, and better training for frontline staff such as IT helpdesks. Many are also pointing to the importance of adopting “zero trust” models, where access to systems is never assumed and must be continually verified.

The Motivation for the Attack?

In the case of Scattered Spider, experts have noted the group’s unusual profile. For example, unlike many ransomware gangs based in Eastern Europe, this network appears to involve mostly English-speaking members, including individuals believed to be in their late teens. Their motivation appears to be a mix of financial gain with a desire for recognition, making them both capable and difficult to predict.

Gives a Playbook to Other Cybercriminals

It seems that while most experts agree that this was a criminal act rather than a state-sponsored one, some are warning that the response (or lack thereof) could embolden hostile states watching from the sidelines. As Ciaran Martin, former head of the UK’s National Cyber Security Centre, put it: “My national-level worry is that this gives other bad actors a playbook on how to disrupt Britain at scale.”

What Does This Mean For Your Business?

While the immediate concern for M&S remains restoring full operations and reassuring customers, the wider implications of these attacks are hard to ignore. The scale and severity of the disruption (coupled with the prolonged recovery timelines) have highlighted vulnerabilities not only in retail infrastructure but also in the broader digital supply chain that supports it. These were not just one-off disruptions. They were demonstrations of how a well-organised cyber attack can ripple across departments, damage customer trust, and expose operational dependencies that were previously taken for granted.

For UK businesses, particularly those in retail, food supply, and logistics, the M&S and Co-op incidents offer a sharp reminder that cyber risk is now an operational risk. Being online and interconnected brings enormous efficiency but also opens the door to increasingly sophisticated and persistent threats. The attacks have shown how a breach of one supplier or system can impact everything from stock levels to staff recruitment, and how quickly customer-facing services can grind to a halt.

There are clear lessons here for organisations of all sizes. For example, while investment in technology is essential, so too is investment in people, training, and crisis planning. Basic resilience, i.e. the ability to function when systems go offline, is becoming just as important as innovation. For shareholders, customers and employees alike, the expectation is not perfection but preparedness.

The incidents also raise important questions for regulators and policymakers. If food retail is now so central to daily life that a single ransomware attack can cause national disruption, then its classification as part of the UK’s critical infrastructure may need to be reconsidered. In that context, the M&S and Co-op breaches could act as a turning point and one that prompts a broader shift in how businesses and government work together to anticipate, contain, and recover from this kind of attack.

While M&S works to bring its systems back online and the Co-op continues its investigation, the broader industry is already watching, and hopefully, learning. The hope is that attacks like this don’t become the new normal. If they do, resilience needs to become the new standard.