The CMC is also working to clarify definitions of systemic cyber events to assist insurers with claims, addressing ongoing confusion in the insurance industry regarding cyberattack policy terms.

M&S faced an estimated loss of £1.3 million ($1.74 million) per day during the disruption, with online orders expected to resume gradually, limiting daily losses.

In April 2025, a significant cyber attack targeted prominent U.K. retailers Marks & Spencer (M&S) and Co-op, resulting in financial damages estimated between £270 million ($363 million) and £440 million ($592 million).

The Cyber Monitoring Centre (CMC) classified these attacks as a 'single combined cyber event' due to their close timing, similar tactics, and the involvement of the same threat actor, known as Scattered Spider.

Scattered Spider, also referred to as UNC3944, is believed to have employed advanced social engineering techniques, particularly by impersonating IT personnel to gain unauthorized access.

M&S experienced the most significant operational disruption, with its online sales halted, while the Co-op's impact was felt more acutely in rural areas where it serves as a sole provider.

During the disruption, M&S saw a 22 percent reduction in daily spending, while the Co-op experienced an 11 percent drop in sales, highlighting the severe impact on both retailers.

The attacks led to business disruptions, data loss, and substantial costs for incident response and IT recovery, with business disruption accounting for the majority of the financial implications.

Overall, the financial impact of these cyberattacks is estimated to be between £270 million and £440 million for both companies combined.

The CMC described the impact of the cyber event as 'narrow and deep,' indicating significant consequences not only for M&S and Co-op but also for their suppliers and partners.

This incident marks the first practical application of the CMC's categorization system since its launch earlier in 2025, aimed at informing national security discussions and enhancing cyber resilience in the UK.

In a related warning, the Google Threat Intelligence Group indicated that Scattered Spider is now targeting major insurance companies in the U.S., underscoring the ongoing risk of social engineering schemes.