In April 2025, two of the UK’s most recognisable retailers, Marks & Spencer (M&S) and Co-op, were both targeted by the same hacking group, Scattered Spider. The coordinated cyberattacks disrupted operations and raised concerns about data security.
The attack highlighted how sophisticated threat actors are evolving, often faster than many organisations can defend themselves against. A separate major attack on Jaguar Land Rover stopped production for more than a month.
It disrupted work at factories in the UK, India, Brazil and Slovakia. About 800 computer systems went offline, halting vehicle manufacturing and throwing its 200,000-strong supply chain into doubt. The main lesson is clear: breaching one large organisation can cripple thousands of others.
While these incidents occurred in the private sector, the lessons are highly relevant to the UK public sector’s cybersecurity landscape. Government departments, local councils, and public bodies hold some of the nation’s most sensitive data, from citizen records to critical infrastructure controls.
Yet, research continues to show that the public sector lags in cybersecurity capability, leaving it increasingly vulnerable to the same groups now making headlines.
The M&S and Co-op attacks should be a wake-up call: no organisation is too established, too well-known, or too critical to escape the attention of cybercriminals. For public sector leaders, the question isn’t if their department will be targeted, but when.
> The Rising Tide of Cybersecurity Attacks Against the UK Public Sector
According to the Department for Science, Innovation and Technology (DSIT), a substantial proportion of UK public sector organisations report gaps in advanced cyber-technical skills, struggling with recruitment, retention, and internal capability. Local councils face acute pressures: tight budgets, legacy systems, and growing citizen expectations for digital services.
Attackers know this. They deliberately seek out organisations where resilience is limited, and response times are slow. The M&S, Jaguar Land Rover (JLR) and Co-op breaches show how attackers now use coordinated, persistent tactics, including social engineering and advanced phishing, to gain footholds in large, complex organisations.
It’s not only headline retail brands being targeted. In September 2025, the Treasury’s Office of Financial Sanctions Implementation (OFSI) warned that UK firms are almost certainly being targeted by North Korean IT specialists posing as freelance workers. These operatives, deployed abroad to disguise their identities, risk gaining privileged access to sensitive data and systems, a tactic with obvious implications for public sector organisations already battling resource and skills shortages.
For the public sector, which often relies on overstretched IT teams, the consequences could be devastating, ranging from service outages and ransom payments to reputational damage and a loss of citizen trust.
> Why Cybersecurity Skills Are the First Line of Defence
Technology investments alone cannot solve the challenge. Firewalls, threat monitoring, and AI-driven defence systems are vital, but they are only as strong as the people who configure, manage, and respond to alerts. Human error remains the number one cause of breaches worldwide.
Emerging threats like disguised IT freelancers highlight that capability is not just about defending against malware or ransomware, but also about ensuring secure hiring practices, rigorous vetting, and ongoing workforce awareness. Who you allow into your teams matters as much as the tools you deploy.
For the UK public sector, closing the cybersecurity skills gap is now a matter of national security. Building a cyber-ready workforce requires more than one-off training; it demands a systematic approach to sourcing, developing, and retaining the right talent at every level. This is where mthree’s service offerings, Hire Train Deploy, Reskill and Upskill, and Expert Talent, come into play.
> Hire Train Deploy: Building New Cybersecurity Capability from the Ground Up
Public sector organisations often struggle to attract early-career talent into cybersecurity roles. Salaries are frequently lower than in the private sector, and graduate programmes may not provide the depth of technical training needed.
mthree’s Hire Train Deploy (HTD) model addresses this challenge directly. We identify diverse, high-potential early-career candidates with the aptitude for cybersecurity. They then undergo immersive, client-specific training in areas such as:
-
Threat detection and incident response
-
Cloud security fundamentals
-
Compliance frameworks (NCSC, GDPR, ISO standards)
-
Secure software development
Once deployed, mthree Alumni are ready to add value from day one, bringing fresh skills, motivation, and long-term potential. For public sector employers, HTD offers a cost-effective way to close entry-level gaps while building a pipeline of future cybersecurity leaders.
In the context of incidents like the M&S, JLR and Co-op breach, or the risks posed by covert hostile freelancers, HTD ensures public bodies have practitioners who are thoroughly vetted, trained, and motivated to defend against both obvious and subtle threats.
> Reskill and Upskill: Empowering the Existing Public Sector Workforce
While attracting new talent is essential, the fastest way to build resilience is often through your existing workforce. Many public sector staff members are experienced in IT, data, or operational roles, but lack specific cybersecurity expertise. With targeted reskilling and upskilling, mthree can help your organisation quickly pivot them into cyber functions or strengthen their existing roles with critical security awareness.
mthree designs reskill and upskill programmes tailored to the needs of each department. These might include:
-
Converting IT support staff into cyber analysts
-
Training policy teams on safe and responsible use of AI tools
-
Upskilling cloud engineers to manage identity and access securely
-
Providing awareness training for non-technical staff to reduce phishing and social engineering risk
This approach not only addresses capability gaps but also increases staff morale. Employees see reskilling not as “extra work” but as an investment in their careers, equipping them with the skills needed to serve citizens effectively and meet modern demands.
By making cybersecurity part of everyone’s job, public sector organisations can reduce the likelihood of falling victim to coordinated campaigns, such as those seen in the private sector cases, or to infiltration attempts by foreign actors.
> Expert Talent: Embedding Cybersecurity Specialists Where It Matters Most
Some threats require seasoned expertise. Public sector organisations often lack access to senior cybersecurity professionals who can architect secure systems, lead threat-hunting teams, or guide crisis response.
Through mthree’s Expert Talent offering, public bodies can embed our experienced cybersecurity specialists directly into their teams. mthree's Expert professionals bring deep knowledge of current attack methods, regulatory frameworks, and sector-specific risks. Just as importantly, they can mentor junior staff and upskill colleagues, ensuring capability is transferred, not just provided for the short term.
With the rise of sophisticated actors like Scattered Spider and covert infiltration risks highlighted by OFSI, access to embedded experts can make the difference between an incident being contained quickly or escalating into a national headline.
> Building a Layered Defence for the UK Public Sector
The lesson from M&S, JLR and Co-op is clear: no organisation is immune. The OFSI warning underlines that the threat landscape is broadening to include infiltration as well as direct attacks. Attackers thrive on inconsistency, and they exploit the weakest link, whether that’s an untrained employee, an outdated system, or a poorly vetted contractor.
For the UK public sector, building resilience means taking a layered approach:
-
Recruit and develop new cybersecurity talent through Hire Train Deploy
-
Reskill and upskill existing staff so everyone has a role in cybersecurity
-
Embed Expert talent to lead, mentor, and strengthen defenses
Together, these approaches provide not just short-term protection, but long-term capability and pipelines of future leaders in cybersecurity.
> A Call to Action for UK Public Sector Leaders
The April 2025 cyberattacks against the private sector are a timely reminder that threats are real and do happen. The OFSI warning about North Korean IT freelancers demonstrates that the threats facing UK organisations are not only growing but also diversifying.
For the UK public sector, the implications are even greater: citizen data, essential services, and national trust are all at risk.
It’s time for public sector leaders to stop treating cybersecurity as a back-office IT issue and start viewing it as a frontline responsibility. Building a cyber-ready workforce is not optional; it’s an urgent necessity.
With the right blend of early-career talent, reskilled staff, and embedded Experts, departments can move from being easy targets to being resilient defenders. mthree is ready to partner with the UK public sector to make this happen.
