ROUNDTABLE PANELISTS

STUART SEYMOUR

JUSTIN KURUVILLA

NICK GODFREY

CHIEF INFORMATION SECURITY OFFICER

CHIEF CYBERSECURITY OFFICER

SENIOR DIRECTOR & GLOBAL HEAD

VIRGIN MEDIA O2 t Cyber LIVE London, three leading cybersecurity experts gathered to discuss the evolving threat landscape and strategic responses. The timing was particularly relevant, with major UK retailers M&S and Co-op suffering significant cyberattacks that had crippled operations. Initial reports suggested the M&S breach may have originated from social engineering – a fraudulent call to IT requesting credential changes. Against this backdrop of real-world incidents affecting household names, the panel explored lessons learned, industry collaboration, and the strategic imperatives facing organisations in 2025’s increasingly complex digital threat environment.

RISK LEDGER

GOOGLE CLOUD

120

CYBERSECURITY

With M&S and Co-op recently hit by cyberattacks, possibly through social engineering, what lessons can organisations learn?

It’s a whole-of-business problem, not just security. The extent to which businesses have digitally transformed changes the attack surface and threat profile significantly.

Justin Kuruvilla: We haven’t seen any official reports yet. If it was spear phishing, have we learnt anything new? I don’t think so – this has been around for years. With AI, it could have been a voice or video call that made it seem like someone of importance. But hopefully organisations have adopted an assumed breach mentality – train your staff in cyber hygiene, but if the worst happens, how do you contain the blast radius?

Stuart Seymour: One aspect of cybersecurity is that everything’s new. Always. The threat continually evolves – as we shut one door, they open another. What’s disappointingly not new is ambulance chasing vendors on LinkedIn, assuming the role of ‘director of hindsight,’ claiming they have silver bullets. We can do better.

Nick Godfrey: Fundamentally, attacks enter through technical or human compromise. We have a growing problem with remote IT workers – North Korean actors gaining insider access.

121