Artificial Intelligence and the Cybersecurity Reckoning

In a digital world where data is the new oil, cybersecurity has become the fortress gate of any modern business. Yet despite this reality, many organisations continue to treat security as an afterthought—a compliance checkbox, rather than a mission-critical function, as important as any other day-to-day operational activity.

This problem is not theoretical. It’s real, and it’s costly. And it’s happening right now.

The M&S Cyberattack: A Wake-Up Call for All

In April 2025, the iconic British retailer Marks & Spencer (M&S) revealed it had been the victim of a sophisticated cyberattack. The incident, reportedly executed by the Scattered Spider hacker collective, exploited vulnerabilities in a third-party contractor’s access credentials. This single breach point allowed threat actors to infiltrate M&S’s infrastructure, disrupting operations across digital services, customer interfaces, and supply chain systems.

The damage? An estimated £300 million in lost profits and a £1 billion reduction in market value within a matter of days. While M&S responded swiftly, working with the National Crime Agency and private cybersecurity consultants, the impact was already done—reputational damage, shaken customer trust, and a renewed public scrutiny of how seriously major enterprises treat cybersecurity.

And M&S wasn’t alone.

A Year of High-Profile Breaches

The M&S breach is part of a broader pattern over the last few years that read like a grim logbook of corporate operational outages, as few examples include:

• UnitedHealth Group’s Change Healthcare Division suffered a ransomware attack that crippled hospital systems and delayed prescriptions across the U.S., with financial losses surpassing $2 billion.

• MGM Resorts was attacked by the same Scattered Spider group, leading to week-long service disruptions, unavailable hotel bookings, and compromised loyalty program data.

• Royal Mail faced operational paralysis after a LockBit ransomware attack froze international shipments and highlighted legacy system vulnerabilities.

• It is possible and likely that each of these incidents stems from the same underlying issue: security being bolted on after the fact, rather than baked security considerations into the IT architecture from the start. We know that building security into application at the start can be a lot easier than retro-fitting security afterwards.

Enter AI: Changing the Cybersecurity Landscape

As cyber threats evolve in scale, frequency, and sophistication, traditional security models are simply not fast or flexible enough to respond. This is where Artificial Intelligence can fundamentally shift the paradigm.

AI isn’t just a buzzword—it’s an essential strategic layer in modern cybersecurity defence.

Here’s why:

1. Real-Time Threat Detection and Prevention

Cyberattacks are no longer slow and deliberate—they are fast, automated, and often invisible to traditional detection systems. AI-powered threat detection uses machine learning to analyse network traffic, endpoint activity, and user behaviour in real time.

• For example, an AI model can instantly flag an employee login at 3 AM from an unusual IP address in a foreign country, cross-reference it against historical behaviour, and automatically trigger a multi-factor authentication (MFA) challenge or session lockout.

2. Behavioural Analytics and Anomaly Detection

Unlike rule-based systems that rely on predefined patterns, AI models can learn and evolve. They develop a baseline of “normal” behaviour across systems and users—then detect subtle deviations that suggest malicious activity.

• This capability is especially crucial in insider threat detection, where traditional firewalls offer little protection.

3. Automated Incident Response

When milliseconds matter, human response alone isn’t fast enough. AI-driven systems can autonomously:

• Quarantine affected devices

• Block malicious IP addresses

• Roll back compromised files

• Escalate alerts to human analysts only when necessary

This reduces response time from hours to seconds, significantly limiting damage.

4. AI-Driven Threat Intelligence

AI can comb through global threat feeds, dark web forums, and open-source intelligence to provide real-time threat intelligence. It enables organisations to anticipate attacks before they happen—based on patterns, global indicators of compromise (IOCs), and known attacker tactics.

5. Adaptive Identity and Access Management (IAM)

With stolen credentials now the leading cause of breaches (including the M&S incident), IAM is more critical than ever. AI enhances IAM by:

• Monitoring usage behaviour across devices and times

• Applying dynamic access controls based on risk level

• Detecting anomalies like privilege escalation or credential stuffing

This means access decisions can adapt in real-time—preventing stolen credentials from turning into full-scale breaches.

But AI Is Not a Silver Bullet

It’s important to acknowledge that AI is not infallible. Poorly trained models can produce false positives or overlook novel attack vectors. Moreover, attackers themselves are beginning to leverage AI to automate phishing, generate deepfakes, and overwhelm defences.

Therefore, AI should be viewed as augmentation, not full automation. The best results come from human-machine collaboration, where AI handles the grunt work of data processing and pattern recognition, allowing human experts to focus on strategic decision-making, threat hunting, and incident triage.

Where Organisations Often Go Wrong

Most breaches don’t occur because of unknown threats—but because of known risks left unaddressed. Based on recent high-profile attacks, common failures include:

• Inadequate investment in cybersecurity budgets

• Poor visibility into third-party vendors and supply chain risks

• Outdated infrastructure with unpatched vulnerabilities

• Lack of incident response planning or regular drills

• Failure to align cybersecurity goals with business objectives

These aren’t just technical failings—they’re leadership failures.

Actionable Steps: Securing the Future

To move from reactive defence to proactive resilience, companies must:

1. Elevate Cybersecurity to the Boardroom

Security can no longer sit under IT. It must be a C-level concern, with representation on the board and a voice in strategic decisions.

2. Invest in AI and Automation Strategically

Deploy AI-based threat detection, SIEM (Security Information and Event Management) systems, and behavioural analytics. But ensure they’re regularly retrained and ethically governed.

3. Vet and Monitor Third-Party Risk

Every partner is a potential entry point. Apply zero-trust principles, enforce third-party audits, and limit access privileges aggressively.

4. Train and Empower Your Workforce

Most breaches still involve human error. Equip employees with ongoing training, phishing simulations, and a culture where security is everyone’s responsibility.

5. Build and Test an Incident Response Plan

Not “if,” but “when.” Have a documented, rehearsed plan that includes communication strategies, backup procedures, and legal response.

Final Word: Cybersecurity Is Not Optional

The M&S breach and others like it are more than cautionary tales - they are symptoms of a global corporate blind spot. As threat actors evolve faster than legacy security models can respond, the only way forward is a radical shift in mindset.

Cybersecurity must move from reactive to predictive. From siloed to strategic. From analog to AI. Because in the digital age, the companies that survive will not be the ones with the most data—but the ones that know how to protect it intelligently.

What this means for your Business?

It can be easy to over-look security concerns, thinking that they don’t impact or apply to your own business. However, nothing could be further from the truth. What this also demonstrates is how AI can help your business in so many different ways with cyber security being just one of those application areas.

The time is now to sort out your AI Strategy and planning out your AI Roadmap aligned to priority use-cases, focused on business value and growth opportunities. Why not start by using our free AI Strategy Scorecard to help assess your AI Readiness.

At Informed.AI Consulting we help clients of all sizes and industries with its AI Strategy together with Adoption of AI driven use-cases and technologies to help drive value and growth longer-term.