M&S chair calls for mandatory reporting of cyber attacks after "traumatic" ransomware incident – but will it do more harm than good?

Friday, July 11, 2025
In the UK, breaches of personal data must be reported to the Information Commissioner's Office, but there are no further requirements for hacking attacks that merely cause disruption or leak only corporate data. M&S said in May that some customer data was accessed in the incident.
More harm than good?
Not everyone agrees with Norman's call for mandatory reporting. Dr. Ilia Kolochenko, CEO at ImmuniWeb and a Fellow at the British Computer Society (BCS), said such a requirement could do more harm than good.
One challenge is properly defining what a "reportable attack" would include.
"For example, DDoS attacks may have a huge impact on business operations, but no confidential or regulated data is commonly stolen unless combined with other types of attacks," Kolochenko told ITPro.
"Moreover, DDoS attacks are complex and sometimes technically impossible to investigate. Thus, reporting them to authorities will bring little to no value."
Beyond that, any reporting rule must include exemptions where alerting authorities would hinder an ongoing investigation, and bodies like the NCSC might need more funding to sort through the deluge of reports.
"Otherwise, we may simply hinder the work of governmental agencies, while failing to attain the underlying goal of the proposed legislation," he said.