What the M&S Data Breach Means for Your Business

The Breach

Retail giant Marks & Spencer (M&S) is facing a potential £300 million legal claim after a data breach exposed the personal information of over 1,000 customers, including names, birthdates, and contact details.

No passwords or financial data were stolen.

But that didn’t matter.

The legal tide is turning

This case signals a shift: companies are now being treated as guilty until proven secure.

Lawyers argue that unless M&S can prove they met industry-standard cybersecurity measures, they’ll be held legally responsible, even though the breach reportedly resulted from human error.

“We are reaching a point where claiming ‘human mistake’ is no longer an acceptable excuse.”

This reflects a broader trend: personal data is just as protected (and just as valuable to criminals) as payment data. Identity theft, phishing, and impersonation are real-world consequences — and courts are catching up.

What this means for you

If your business handles any kind of customer or employee data, this precedent should raise red flags. A mistake by one staff member, one email click, or one misconfigured setting can now lead to massive reputational and legal consequences.

And unless you can demonstrate you took reasonable steps to prevent it — through training, controls, and monitoring — the liability may fall squarely on your business.

How Republic helps

Republic, Recyber’s human-first cybersecurity platform, was built for exactly this moment.

We don’t just train your people. We track risk over time, document improvements, and help build the kind of evidence of due diligence that may soon become your first legal defense.

With Republic, you can:

  • Spot risky behavior early

  • Deliver just-in-time training

  • Build an audit trail of security efforts

  • Reduce exposure to legal claims tied to “human error”

The bottom line

The old playbook – “we didn’t lose passwords” or “it was just a mistake” – doesn’t cut it anymore.

If your staff can access sensitive data, they’re part of your security perimeter. It’s your responsibility to show you equipped them to protect it.

Republic helps you prove it.

Want to see how it works?


Republic Free Trial

Improve cybersecurity behaviours and reduce cyber risk across your organisation. Republic delivers real-time insights and targeted interventions to strengthen security culture and keep your team protected.

Pricing: £199 per month for organisations with under 100 users.

For organisations over 100, please contact the sales team using the form below.

