Latest news with #CyberScotlandPartnership

The Herald Scotland

Why cyber resilience ought to be everyone's business

These incidents are a stark reminder that cyber security is not a tick-box exercise; it is an existential issue that must be treated seriously, from boardrooms to local communities. In Scotland and beyond, threats are evolving fast – and our response must evolve too. Marks & Spencer hit the headlines in April when it announced it had been the victim of a cyber-attack and what happened next was a snowball effect – online orders halted, card payments failed, staff couldn't order stock and digital systems were down. The retailer has since warned of a £300 million hit to profits, with some impacts likely to continue into the summer. While the response was swift and professional, the effect on business operations and customer trust was severe. No matter how prepared we are, attackers remain several steps ahead. Cyber-attacks don't just harm businesses, they affect communities. On Scotland's islands, residents often rely on a single local Co-op for essentials, so the disruption was significant. Stock deliveries were delayed or unavailable, leaving customers without access to necessities. For island communities, where alternative options are limited, this disruption was a reminder of how vulnerable vital supply chains are in a digital-first world. Supply chains are only as strong as their weakest link. Businesses often depend on a complex web of suppliers and tech providers, where one vulnerability can affect many. Organisations must identify and manage cyber risks in their supply chains – both technical and human. Outsourcing a service does not outsource the responsibility. These recent attacks should serve as a reminder for public and private sector organisations to assess their own defences. Cyber security is often treated as a background function rather than a core element of operational resilience. Businesses should: Assess their preparedness Educate staff Test backup and recovery systems regularly Update and rehearse incident response plans Identify and manage cyber risks across supply chains Cyber resilience is also a personal responsibility. Small, simple actions from individuals can reduce risk and improve wider resilience. The public should: Use strong, unique passwords Enable multi-factor authentication (MFA) where possible Scotland takes a joined-up approach to cyber resilience through the CyberScotland Partnership – a hub bringing together government, law enforcement, industry and academia to raise awareness and strengthen national defences. The reality is simple: organisations must be ready to prevent and respond to cyber-attacks. Staff need to recognise threats and act fast. The time to act is now. Cyber resilience is not optional – it is essential. The recent attacks are a wake-up call that must drive change, not just conversation. Ultimately, it's up to each of us to act. Let's not wait for the next crisis to remind us what's at stake. The time to build cyber resilience is now. For more information go to and if you are a victim of a cyber-attack, contact Police Scotland on 101 Jude McCorry is CEO of the Cyber and Fraud Centre Scotland Agenda is a column for outside contributors. Contact: agenda@