Philip Ingram MBE discusses the UK’s escalating cyber threat: How landmark attacks on Jaguar Land Rover, Marks & Spencer and Harrods revealed vulnerabilities in legacy systems, spurred a £2bn strategy overhaul and signalled a turning point in national resilience.

Modern cyber warfare

The stark reality of modern cyber warfare hit home this year as some of the UK’s most iconic brands were brought to their knees.

Jaguar Land Rover’s global production lines ground to a halt after a sophisticated cyberattack, forcing workers home while factories stood idle.

This was not long after, Marks & Spencer suspended its online retail operations for weeks following a ransomware attack that cost the company an estimated £300 million.

Even luxury retailer Harrods was not immune, suffering a significant data breach that compromised customer information and shook consumer confidence.

These incidents are not isolated; they are the front line of a relentless digital assault on UK plc.

According to the National Audit Office, “digital threats now rank among the top three risks facing UK manufacturing,” a sentiment that echoes across all sectors.

The attacks destroy operations, inflict severe financial damage and expose vulnerabilities that even major corporations cannot escape.

JLR acknowledged this reality last year, signing an £800 million deal with Tata Consultancy Services for cybersecurity services, yet as the recent shutdown proves, defensive walls are never high enough.

A national cybersecurity defence strategy

In response to this escalating threat, the UK government has significantly bolstered its national cybersecurity defence strategy.

An updated investment of over £2 billion now targets national cyber resilience, the protection of critical infrastructure and the sophisticated attacks hitting British businesses and public services.

Announced across 2024 and 2025, the commitment represents one of the largest government cybersecurity investments in UK history.

Key elements include the aggressive modernisation of outdated government IT, the integration of AI-powered threat detection and the establishment of new, more robust public-private partnerships.

This is not just an increase in funding; it’s a fundamental shift in strategy.

The Government Cyber Security Strategy: 2022-2030, first published in January 2022, marked a systematic approach to securing government infrastructure.

However, the events of the past 18 months have accelerated its implementation and expanded its scope.

The Government Security Group (GSG) within the Cabinet Office is now driving a more aggressive timeline, with critical milestones for resilience now set for the end of 2025.

Security holes

Old IT systems have long been the Achilles’ heel of government operations.

The National Audit Office found 228 outdated systems still running as of March 2024, with departments lacking proper funding plans for around half of these vulnerable systems.

In 2025, a new directive was announced: A mandatory, funded decommissioning schedule for all systems deemed “high-risk.”

Ministers are now systematically shutting them down, addressing the core problems: An end to security updates from their creators, a lack of skilled technicians and known security holes that are actively exploited by hostile actors.

NCSC’s “Early Warning” service

A cornerstone of the 2025 policy update is the mandatory integration of AI and real-time threat detection across all government departments.

The NCSC’s “Early Warning” service, which uses a combination of public, commercial and classified sources to spot potential attacks, is now being supercharged with next-generation AI.

A new partnership, announced in early 2025 with several leading UK tech firms, will create a centralised “digital tripwire” system, capable of identifying and isolating threats before they can spread across government networks.

This is a direct response to attacks like the one on JLR, where the virus was able to move laterally across the company’s global network.

The definition of Critical National Infrastructure (CNI) has been formally expanded in 2024 to include all major data centres and crucially, their primary supply chain partners.

This follows the clear lesson from the M&S attack, which originated not from a direct assault, but through a compromised third-party logistics provider.

“Cyber security is a complex, highly challenging and wide-reaching resilience issue for the UK,” warns Conrad Prince, a Distinguished Fellow at RUSI and former Director General for Operations at GCHQ.

New Cyber Security and Resilience Bill

The new Cyber Security and Resilience Bill, fast-tracked through Parliament in 2024, now mandates stringent third-party risk assessments for any company providing services to CNI.

Companies that only assess third-party risk during onboarding have been shown to suffer attacks 68% of the time, whereas those who assess continuously faced attacks in just 32% of cases.

The new legislation makes continuous assessment a legal requirement.

The most significant strategic shift is the “defend as one” approach.

The scale and pace of threats demand a coordinated response that shares cybersecurity data, expertise and capabilities across all sectors.

The Cyber Information Sharing Partnership (CISP) has become the world’s largest public-private cyber collaboration network, with over 17,000 users.

A 2024 initiative has seen the creation of sector-specific “Fusion Cells,” where experts from private companies like Tata Consultancy Services work alongside government analysts from the NCSC and GCHQ.

This allows for the rapid sharing of threat intelligence; for example, the specifics of the malware used against JLR can be instantly shared with other manufacturers to bolster their defences.

The Government Cyber Advisory Board

The Government Cyber Advisory Board has also been expanded in 2025, bringing in senior experts from major financial institutions and tech giants like Google DeepMind and Microsoft.

This ensures that the government’s strategy is informed by the very latest private sector innovations and threat intelligence.

A catalyst for change

The UK government’s bolstered £2 billion cybersecurity strategy marks a decisive moment in the nation’s digital defence.

The devastating attacks on household names like Jaguar Land Rover, Marks & Spencer and Harrods have served as a brutal but necessary catalyst for change.

However, the most crucial element is the “defend as one” philosophy.

The recognition that neither the public nor private sectors can fight these threats alone has led to unprecedented levels of collaboration.

No strategy can guarantee complete protection in an ever-evolving threat landscape, but this approach addresses the most pressing vulnerabilities while building a more resilient and coordinated defence across all sectors.

The next few years will be critical, but for the first time, the UK has a cybersecurity strategy that is as dynamic and integrated as the threats it faces.

This article was originally published in the October edition of Security Journal UK. To read your FREE digital edition, click here.