Marks & Spencer has called for a legal obligation requiring UK companies to report major cyberattacks to national authorities. Chairman Archie Norman told parliament that two serious cyberattacks on prominent firms in recent months had gone unreported.
He argued that underreporting leaves a significant gap in cybersecurity knowledge. It would not be excessive regulation to require companies to report material incidents to the National Cyber Security Centre.
The retailer was hit in April by what is believed to be a ransomware attack involving DragonForce, with links to the Scattered Spider hacking group.
The breach forced a seven-week suspension of online clothing orders, costing the business around £300 million in lost operating profit.
M&S had fortunately doubled its cyber insurance last year, though it may take 18 months to process the claim.
General counsel Nick Folland added that companies must be prepared to operate manually, using pen and paper, when systems go down.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
A turf war has erupted between two significant ransomware gangs, DragonForce and RansomHub, following cyberattacks on UK retailers including Marks and Spencer and Harrods.
Security experts warn that the feud could result in companies being extorted multiple times as criminal groups compete to control the lucrative ransomware-as-a-service (RaaS) market.
DragonForce, a predominantly Russian-speaking group, reportedly triggered the conflict by rebranding as a cartel and expanding its affiliate base.
Tensions escalated after RansomHub’s dark-web site was taken offline in what is believed to be a hostile move by DragonForce, prompting retaliation through digital vandalism.
Cybersecurity analysts say the breakdown in relationships between hacking groups has created instability, increasing the likelihood of future attacks. Experts also point to a growing risk of follow-up extortion attempts by affiliates when criminal partnerships collapse.
The rivalry reflects the ruthless dynamics of the ransomware economy, which is forecast to cost businesses $10 trillion globally by the end of 2025. Victims now face not only technical challenges but also the legal and financial fallout of navigating increasingly unpredictable criminal networks.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
An AI-driven forecasting tool developed by the Met Office and the University of Exeter is poised to reshape how marine operations are planned. The low-cost model, MaLCOM, has successfully predicted ocean currents in the Gulf of Mexico.
Designed initially to forecast regional wave patterns around the UK, the framework’s adaptability is now helping model ocean currents in new environments.
The tool’s ability to run on a laptop makes it highly accessible, offering real-time insights that could aid offshore energy.
Researchers emphasise the importance of the model’s transparency, which allows users to inspect how it processes data and generates forecasts. This design supports trust in its outputs and offers a strong foundation for ongoing development.
The project began five years ago and has grown through collaboration between academia, government and industry.
Its recent recognition with the ASCE Offshore Technology Conference Best Paper Award underscores the value of partnerships in accelerating progress in AI-based weather and climate tools.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
A growing number of writers and developers are finding steady work correcting the flawed outputs of AI systems that businesses use.
From bland marketing copy to broken website code, over-reliance on AI tools like ChatGPT is causing costly setbacks that require human intervention.
In Arizona, writer Sarah Skidd was paid $100 an hour to rewrite poor-quality website text initially produced by AI entirely.
Her experience is echoed by other professionals who now spend most of their time reworking AI content rather than writing from scratch.
UK digital agency owner Sophie Warner reports that clients increasingly use AI-generated code, which has sometimes crashed websites and left businesses vulnerable to security risks. The resulting fixes often take longer and cost more than hiring an expert.
Experts warn that businesses adopt AI too hastily, without proper infrastructure or understanding its limitations.
While AI offers benefits, poor implementation can lead to reputational damage, increased costs, and a growing dependence on professionals to clean up the mess.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The UK government’s evolving defence and security policies aim to close legal gaps exposed by modern threats such as cyberattacks and sabotage of undersea cables. As set out in the recent Strategic Defence Review, ministers plan to introduce a new defence readiness bill to protect critical subsea infrastructure better and prepare for hostile acts that fall outside traditional definitions of war.
The government is also considering revising the outdated Submarine Telegraph Act of 1885, whose penalties, last raised in 1982 to £1,000, are now recognised as inadequate. Instead of merely increasing fines, officials from the Ministry of Defence and the Department for Science, Innovation and Technology intend to draft comprehensive legislation that balances civil and military needs, clarifies how to prosecute sabotage, and updates the UK’s approach to national defence in the digital age.
These policy initiatives reflect growing concern about ‘grey zone’ threats—deliberate acts of sabotage or cyber aggression that stop short of open conflict yet pose serious national security risks. Recent suspected sabotage incidents, including damage to subsea cables connecting Sweden, Latvia, Finland, and Estonia, have highlighted how vulnerable undersea infrastructure remains.
Investigations have linked several of these operations to Russian and Chinese interests, emphasising the urgency of modernising UK law. By updating its legislative framework, the UK government aims to ensure it can respond effectively to attacks that blur the line between peace and conflict, safeguarding both national interests and critical international data flows.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Agentic AI, a new generation of AI that goes beyond automation to deliver full task orchestration, could change how government operates. Sharon Moore, CTO Public Sector UK at IBM, argues the UK Government must adopt this technology to drive operational efficiency and better public services.
Departments using AI agents have already recorded significant savings, such as 3,300 hours saved in HR tasks by East and North Hertfordshire NHS Trust and 800 hours monthly by a New Jersey agency. IBM itself has cut development costs by billions, showcasing the potential for large-scale productivity gains.
Agentic systems integrate multiple AI models and tools, solving complex problems with minimal human intervention. Unlike traditional chatbots, these systems handle end-to-end tasks and adapt across use cases, from citizen services to legacy software modernisation.
To implement these systems safely, the UK must address risks like data leaks, hallucinations, and compliance failures. Moore emphasises that future governance must shift from overseeing individual models to managing entire AI systems, built on transparency, security, and performance oversight.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
A ransomware attack on Dutch retailer Ahold Delhaize resulted in a significant data breach affecting more than 2.2 million individuals across US businesses.
The breach occurred in November 2024 following network disruptions at supermarket chains, including Giant Food, Food Lion, and Stop & Shop.
The Inc Ransom group claimed responsibility in April 2025, stating it exfiltrated around 6 TB of data. The company confirmed that stolen files included employment records containing sensitive personal and financial information, with some data already posted on the dark web.
Affected individuals are now notified and offered two years of free identity protection services. The compromised data includes names, Social Security numbers, contact details, and medical and employment information.
Supermarkets have become a growing target in recent cyber campaigns. In April, UK retailers such as M&S and Harrods were also attacked, while distributor UNFI faced major disruptions earlier this month.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The NHS is set to introduce a world-first AI system to detect patient safety risks early by analysing hospital data for warning signs of deaths, injuries, or abuse.
Instead of waiting for patterns to emerge through traditional oversight, the AI will use near real-time data to trigger alerts and launch rapid inspections.
Health Secretary Wes Streeting announced that a new maternity-focused AI tool will roll out across NHS trusts in November. It will monitor stillbirths, brain injuries and death rates, helping identify issues before they become scandals.
The initiative forms part of a new 10-year plan to modernise the health service and move it from analogue to digital care.
The technology will send alerts to the Care Quality Commission, whose teams will investigate flagged cases. Professor Meghana Pandit, NHS England’s medical director, said the UK would become the first country to trial this AI-enabled early warning system to improve patient care.
CQC chief Sir Julian Hartley added it would strengthen quality monitoring across services.
However, nursing leaders voiced concerns that AI could distract from more urgent needs. Professor Nicola Ranger of the Royal College of Nursing warned that low staffing levels remain a critical issue.
She stressed that one nurse often handles too many patients, and technology should not replace the essential investment in frontline staff.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
A BT report has found that 42% of small businesses in the UK suffered a cyberattack in the past year. The study also revealed that 67% of medium-sized firms were targeted, while many lacked basic security measures or staff training.
Phishing was named the most common threat, hitting 85% of businesses in the UK, and ransomware incidents have more than doubled. BT’s new training programme aims to help SMEs take practical steps to reduce risks, covering topics like AI threats, account takeovers and QR code scams.
Tris Morgan from BT highlighted that SMEs face serious risks from cyber attacks, which could threaten their survival. He stressed that security is a necessary foundation and can be achieved without vast resources.
The report follows wider warnings on AI-enabled cyber threats, with other studies showing that few firms feel prepared for these risks. BT’s training is part of its mission to help businesses grow confidently despite digital dangers.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
A patient has died after delays caused by a major cyberattack on NHS services, King’s College Hospital NHS Foundation Trust has confirmed. The attack, targeting pathology services, resulted in a long wait for blood test results that contributed to the patient’s death.
The June 2024 ransomware attack on Synnovis, a provider of blood test services, also delayed 1,100 cancer treatments and postponed more than 1,000 operations. The Russian group Qilin is believed to have been behind the attack that impacted multiple hospital trusts across London.
Healthcare providers struggled to deliver essential services, resorting to using universal O-type blood, which triggered a national shortage. Sensitive data stolen during the attack was later published online, adding to the crisis.
Cybersecurity experts warned that the NHS remains vulnerable because of its dependence on a vast network of suppliers. The incident highlights the human cost of cyber attacks, with calls for stronger protections across critical healthcare systems in the UK.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
