
Last week, Marks & Spencer—a billion-pound British retail giant—made headlines.
Not for a new product line. Not for record profits.
For getting hacked and running their business on pen and paper. For over a week.
The insider reports are brutal: total system failure. No communication. Employees sleeping in the office. Handwritten transactions. Making change with actual cash—can anyone even still do that? Here's the full story.
The most damning detail? They didn’t have a plan.
Now ask yourself: if you were the MSP responsible for M&S, would you have been ready? Not just “we’ve got a policy” ready.
Plan-in-place, playbook-tested, assets-documented, access-guaranteed ready?
Would you have:
- A playbook tailored to the exact kind of event they experienced?
- A guide your engineers could follow under pressure—without guessing?
- A map of the client’s most critical data and systems?
- A response plan stored outside your RMM, PSA, SharePoint, or IT Glue?
If your answer isn’t an emphatic hell yes, then congratulations—this isn’t just a cautionary tale. It’s your wake-up call.
Most MSPs Say They Have a Plan—Until It’s Game Time
Let’s be honest. You probably have a policy somewhere that says, “Refer to the IR plan.” But what happens when that plan is just a boilerplate PDF you copied from a vendor’s toolkit? What happens when your plan lives in the same system that just got encrypted?
Too many MSPs still connect everything through single sign-on. That’s great for convenience—until one credential gets popped and your IR plan vanishes with everything else.
One breach. Full compromise. Zero visibility.
That’s not incident response. That’s professional malpractice.
That’s Not a Plan. That’s a Lawsuit Waiting to Happen.
Think the client’s going to take the hit? Think again. If M&S had an MSP, who do you think would be in the hot seat right now? Not the attacker. You. Their MSP.
Because when your client goes down, they expect you to have a plan. One they can access. One that doesn’t vanish the moment Active Directory does.
This Is Exactly Why We Built the Galactic Portal
You don’t need to cobble together duct-taped documentation or rely on brittle systems.
That’s why we built the Galactic Portal—a hardened, external, client-ready space for:
- Storing playbooks by threat type
- Documenting risk acceptance and mitigation decisions
- Running incident response outside the blast radius
Here’s one of our partners showing what real IR readiness looks like: Watch the results
But here’s the real value: We’re not just handing you tools and walking away. We’re in the trenches with you. Our SecDesk team handles about five incidents every week—most from MSPs who weren’t ready when it counted.
Ask yourself: Would you be one of them?
What Should You Do Next?
Still wondering if your IR plan would survive a real-world breach?
Let’s find out—before the attackers do.
Schedule a Cyber Liability Assessment.
We’ll review your plans, test your readiness, and tell you exactly where the cracks are. And if you’ve got gaps like the ones M&S just exposed to the world?
We’ll help you close them.
Because if you’re the MSP during an incident like this, and your plan doesn’t exist, or is half-assed?
You won’t just lose a client.
You could lose your entire company.