Calls for audit reforms intensify after hackers attack Harrods and other top UK retailers
By 
Ruth Prickett2025-05-16T12:00:00
Cyberattacks on major UK retailers, including Marks & Spencer, Harrods and Co-op, left the companies scrambling to reassure customers and staff about stolen data, pushing issues of cybersecurity and cyber resilience back into the national debate. Now the question is whether compliance managers should expect more technology regulations, or will legislators focus on corporate governance, internal controls and resilience.
Governments across the world are introducing digital and AI regulations to protect consumers and society from intentional and unintentional digital harm. But the ransomware attacks that disabled key players in the U.K. retail sector from April 25 aren’t a new phenomenon enabled by unregulated technology.
Rather, these attacks highlighted failures in internal controls. This was made clear in messages immediately after the attacks began in April from the National Cyber Security Centre (NCSC), warning retailers to guard against scammers impersonating IT support staff to trick employees into revealing their passwords.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
News BriefNYDFS to continue crypto enforcement, Superintendent Harris says
The New York Department of Financial Services (NYDFS), led by Superintendent Adrienne Harris, doesn’t intend to let up on cryptocurrency enforcement, even in the face of pullback from the federal government.
-
News BriefDOJ fines MORSE Corp $4.6M for lax cyber controls amid crack down on federal contractors
Yet another government contractor has been slapped with a fine by the Department of Justice for applying lax cybersecurity defenses on sensitive government data.
-
ResourceWhite paper: Constructing a Cohesive Cybersecurity Foundation
The individual requirements for your security and risk operations are increasingly complex—and interconnected. Yet despite this increased interconnectivity, many organizations still manage their security operations (SecOps) and integrated risk management (IRM) functions in silos.
More from Regulatory Policy
-
Basic PageCFPB pulls data broker rule in win for industry, setback for consumer advocates
The Consumer Financial Protection Bureau has pulled back a draft privacy rule that would have required businesses to take more steps before selling consumers’ financial and personal data.
-
News BriefWith “stroke of a pen,” CFPB withdraws controversial guidance docs issued under Dems
The Consumer Financial Protection Bureau has rescinded 39 guidance documents that had provided insight into the regulator’s thinking on a host of topics, including enforcement practices and how companies should handle customer complaints.
-
Basic PageNew DOJ policy means heat is off corporate crime and on drug kingpins
The Department of Justice is moving the enforcement of all but the most heinous white-collar crimes onto the back burner and putting investigations of drug kingpins, illegal immigration, and sanctions evasions up front, Matthew Galeotti, head of the DOJ’s Criminal Division, said Monday.