Fraud and Cyber Insight Welcome to the latest edition of our quarterly Fraud and Cyber Newsletter.

As cyber threats grow in scale, complexity and impact, businesses are facing mounting pressure to strengthen their digital resilience, governance frameworks and legal preparedness. This edition brings together expert analysis on recent incidents, legal developments and strategic lessons to help businesses navigate the evolving risk landscape.

In our first article, we look at the M&S cyber attack, linked to the notorious Scattered Spider group, which underscores the systemic risks posed by third-party contractors and the growing sophistication of social engineering tactics. Such an attack, and others like it, brings an urgent call to action for businesses to reassess vendor access, staff training, insurance coverage and incident response planning.

In Farley v Paymaster, the Court of Appeal has clarified key principles around compensation for data misuse, reinforcing the importance of robust data management and setting a precedent for future group actions. Meanwhile, the Jaguar Land Rover cyber attack reveals the devastating operational and economic consequences of cyber incidents, particularly across complex supply chains, with lessons for risk mapping and resilience planning.

We also explore the first successful recovery under an Unexplained Wealth Order with the sale of Hope Springs House, a landmark moment for the Serious Fraud Office and a signal that proceeds of crime, however well hidden, can be reclaimed.

In the regulatory space, the ICO’s £2.31 million fine against 23andMe highlights the critical importance of layered security controls for sensitive personal data, while our analysis of the Cyber Security and Resilience Bill and ransomware consultation reveals how the UK is responding to the growing threat landscape with stronger legislative tools and reporting requirements.

Finally, we revisit insights from our July Tech newsletter, examining the evolution of ransomware and the strategic steps organisations must take to bridge the gap between technology, people and policy.
 
If you have any suggestions or requests for future editions of the Trowers Fraud and Cyber Insight, please get in touch with one of the team.