The Crisis That Breaks Boards
Boards routinely rehearse financial stress, audit scenarios, and regulatory reviews. But what happens when systems lock and customers demand answers live?
In 2025, UK resilience was tested in real time. Marks & Spencer faced an unprecedented cyberattack that crippled online and in-store systems. The retailer halted automated operations, and food waste surged as staff resorted to pen and paper. Operating losses hit an estimated £15 million per week, with up to £300 million in annual profit at risk, while market value dropped a staggering £750 million. M&S brought in the FBI, the NCA, and the NCSC to manage the fallout.
This wasn’t a technical glitch; it was a board-level crisis.

Emergency Response Is a Boardroom Issue
Few executives realise how narrow the window for containment is. The NCSC is clear on the importance of rapid response. Industry evidence shows the first 48 hours can define the difference between recovery and trauma. Ransomware now morphs from breach to encryption in hours, not days, demanding immediate multi-disciplinary coordination.
In the UK, the average SME ransomware victim loses around £1,600 per incident, with costs escalating for repeat disruptions.
For boards, this is no longer just a security problem; it’s a business continuity and reputation risk.
Why Boards Avoid Cyber Drills
- Cyber is perceived as technical. Boards defer to IT.
- Drills may expose governance weaknesses.
- Playbooks are outdated or nonexistent.
- Insurance and vendor SLAs provide false assurance.
M&S is not alone in this mistake. Its experience has become a nationwide lesson.
What Real Emergency Response Looks Like
Boards need more than IT alerting; they need well-practised, multi-functional response plans:
- Board-level leadership roles, defining who speaks to regulators, media, and customers.
- Pre-built notification templates for rapid communication.
- Joint playbooks coordinating the SOC, legal, PR, insurers, and third parties.
- Tested escalation paths, validated under stress, not theory.
These must become the standard boardroom rehearsal.
UK Context Makes It Urgent
The 2025 Cyber Security Breaches Survey reveals the increasing frequency and complexity of attacks. UK businesses report an average of 30 cyber intrusions per year; repeat victimisation is common.
Meanwhile, the Cyber Security and Resilience Bill tightens the screws with fines of up to £100,000 per day for non-compliance, even in the face of breaches. Responsiveness isn’t optional; it’s a legal expectation.
The speed of enforcement intensifies the demand for immediate, board-level cyber response.
ENHALO’s Emergency Response Approach
ENHALO’s UK and Europe presence positions us to help boards handle a crisis with clarity:
- A 24/7 Emergency Cyber Response service that connects SOC intelligence to board governance.
- Board-ready playbooks, coordinating decision-makers, legal, media, and technical teams before an incident happens.
- Holistic integration: cyber detection, response planning, and supply chain management combine into one continuous resilience strategy.
This is a framework enabling boards to hold together under pressure.
Questions Every Board Should Be Asking
- Who is responsible for incident response at the board?
- Are there pre-approved templates for regulators and customers?
- Are SOC, legal, and PR teams rehearsing joint moves?
- Do our plans include third-party and supply chain involvement?
- Have escalation paths been tested under real pressure?
The answers separate resilience from reactive chaos.
Rehearse for the Storm
Boards can’t outsource the first 48 hours of a cyber crisis. They can only choose to face it prepared… or scrambled.
Emergency Cyber Response is not a fringe consideration. In 2025, it’s the board-level test that matters most.
That’s where ENHALO stands – with the framework, the presence, and the experience to keep boards intact when systems fail.







