IRP vs DRP: Why Your Business Needs Both to Survive a Cyber Attack

By now, you’ve probably heard about the cyber-attack on Marks & Spencer, one of the UK’s biggest high-street retailers, that took place over the Easter weekend. Rather than targeting M&S directly, the hackers exploited vulnerabilities in a third-party supplier. Using social engineering techniques, they manipulated individuals into revealing their login credentials, proving once again that humans, not just systems, are often the weakest link in cybersecurity. But what made this attack so alarming was what happened (or didn’t happen) after…

So, what went wrong after the attack?

M&S later admitted they didn’t have a Cyber Incident Response Plan in place beforehand. The result? A staggering £300 million ($403 million) loss in operating profit for the year leading up to March 2026.

In today’s digital world, cyber-attacks aren’t just possible, they’re inevitable. The real question is: do YOU know how to respond? Do you have the right plans in place to protect your business if it happens to you?

In this blog post, we’re breaking down two essential strategies every business needs: the Incident Response Plan (IRP) and the Disaster Recovery Plan (DRP). We’ll explain what they are, why they matter, and how having both could be the difference between recovery and ruin.

And remember, this isn’t just about M&S. These kinds of attacks are happening to businesses of every size, all around the world.


IRP vs DRP

We get it: they sound similar, and it can be confusing, so let us explain. The key distinction lies in the overall purpose of each. An Incident Response Plan (IRP) outlines the procedures for your business to follow during an incident so that you can quickly contain the threat, minimise the damage and take control of the situation.

A Disaster Recovery Plan (DRP) focuses on how you will then recover after the incident. It will guide your business through restoring your IT systems, recovering any lost data and getting operations back to normal, minimising downtime.

To put it simply, think of the IRP as your emergency response team, ready to jump in with clear roles and tasks during an incident to contain the threat, and your DRP as your rebuild crew, who will get things back up and running as soon as possible. Without both plans, your business could be left scrambling during and after a cyberattack, risking lost data, lost trust with your clients and serious downtime.

Can you see why BOTH are crucial for any business?

If the answer is still no, we’re now going to tell you about the scary consequences of having no plans…

 

[Image: an Incident Response Plan and a Disaster Recovery Plan working together, connected by arrows]


The Consequences of No Cyber Attack Plans

Hopefully by now, we’ve made it clear just how important it is to have both an Incident Response Plan (IRP) and a Disaster Recovery Plan (DRP) in place. But let’s talk about what really happens when you don’t…and yes, it gets a bit scary.

Firstly, attacks can remain undetected for anywhere from days to months. This can happen when there is no IRP in place, since an IRP includes detection strategies. JD Wetherspoon is an example of this: in 2021 a breach went undetected for almost 3 days when a Russian hacking group quietly stole the data of 656,723 customers through a public Wi‑Fi hack.

We’ve already mentioned that M&S is expected to lose around £300 million because of their recent cyber-attack. That figure isn’t just about the breach itself, it reflects the financial aftermath of not being prepared. Without an IRP or DRP, your business is far more likely to suffer significant downtime. You won’t have the tools or procedures in place to respond quickly, contain the damage, or recover systems efficiently. That means missed sales, disrupted services, and lost opportunities.

But it doesn’t stop there. Reputation damage can hit just as hard as financial loss. When customers see that you’ve failed to respond effectively, or worse, failed to protect their data, they lose trust. And once that trust is gone, it’s incredibly difficult to win back.

Then there’s the risk of regulatory fines. If your business operates in sectors governed by data protection laws like the UK GDPR, not responding properly to a cyber-attack could lead to investigations and serious financial penalties. In some cases, companies have been fined millions of pounds for failing to adequately protect customer data or notify authorities on time. For example, UK construction firm Interserve were hit with a £4.4 million fine by the ICO after they failed to protect customer data due to poor incident response.

And remember, the financial impact isn’t just a short-term hit. The consequences can stretch out over months or even years, as you deal with the cost of recovery, legal fees, regulatory scrutiny, and long-term customer churn.

What Have We Learnt?

If there’s one takeaway from the M&S cyber-attack and countless others like it, it’s that being unprepared is a risk no business can afford.

We’ve seen how a lack of an Incident Response Plan (IRP) and Disaster Recovery Plan (DRP) can lead to devastating consequences: financial loss, operational downtime, reputational damage, customer distrust, and even regulatory fines. It’s not just about preventing an attack (though that’s important too), it’s about knowing exactly how to respond when it happens.

Cyber threats are no longer rare events. They’re a constant, evolving risk to organisations of all sizes. The question isn’t if you’ll be targeted, it’s when. And when that moment comes, having these two plans in place could mean the difference between recovery and collapse.

Don’t wait for a breach to realise what’s missing.
In our next blog post, we’ll walk you through exactly how to build a strong IRP and DRP for your business step by step.

Important Links:

You can find more information about Microsoft Defender XDR here: https://www.microsoft.com/en-gb/security/business/siem-and-xdr/microsoft-defender-xdr

Read about Incident Response from Microsoft here: https://www.microsoft.com/en-gb/security/business/security-101/what-is-incident-response

Read about Disaster Recovery from Microsoft here: https://azure.microsoft.com/en-us/resources/cloud-computing-dictionary/what-is-disaster-recovery

Read our blog post on Device Code Phishing attacks here: https://a4scloud.solutions/device-code-phishing-attacks-detect-and-prevent/
