Beyond the Firewall - Why Integrated Risk Management Is the Missing Layer in Cyber Defense

The recent revelation that Marks & Spencer—one of Britain’s most iconic retailers—suffered a cyberattack that could cost it up to £300 million in annual operating profit is a reminder that no amount of cybersecurity spending can fully inoculate a company against human error. The attack, reportedly traced to a third-party vendor and facilitated by social engineering, underscores a hard truth: cybersecurity is necessary, but not sufficient.

Despite boosting its cyber investment by 75% and quadrupling its team over the past two years, M&S was not spared. Nor were other well-known retailers like Harrods and the Co-op grocery group. These incidents reflect a deeper problem in the digital defense playbook—one that requires a broader, integrated approach to risk.

Samantha "Sam" Jones

Samantha “Sam” Jones is the lead research analyst for the IRM Navigator™ series and a core contributor to The RiskTech Journal and The RTJ Bridge. As a digital editorial analyst, she specializes in interpreting vendor strategy, market evolution, and the convergence of technology with enterprise risk practices.

As part of Wheelhouse’s AI-enhanced advisory team, Sam applies advanced analytical tooling and editorial synthesis to help decode the structural changes shaping the risk management landscape.
