About us

Madigan Solutions is an Identity & Access Management consultancy that specialises in delivering Identity Management, Identity Governance & Access Management solutions whether on-premises, or in the Cloud.

Simplifying identity & access management

We work with organisations across a range of industries including Government (Central & Local), Higher Education, Financial Services, Utilities, Retail, and Business Services. We help to deliver and run IAM platforms built on IBM technology.

Simplifying identity & access management

We work with organisations across a range of industries including Government (Central & Local), Higher Education, Financial Services, Utilities, Retail, and Business Services. We help to deliver and run IAM platforms built on IBM technology.

Author

From Empty Shelves to Patient Deaths: The Real-World Cost of Cyber Attacks

16 October, 2025, by Stephen Swann

Cyber security has long been framed as a technical discipline - the domain of IT teams, CISOs, and compliance checklists. But the events of the past year have shattered that illusion. Cyber attacks are no longer confined to data breaches and downtime. They are disrupting supply chains, threatening public services, and in one tragic case, contributing to the death of a patient.

This is not hyperbole. It’s the reality laid bare in the NCSC's Annual Review 2025, which should serve as a wake-up call to every business leader, policymaker, and board member in the UK.

The Cost Is No Longer Just Financial

When ransomware hit Marks & Spencer earlier this year, the headlines focused on the estimated £300 million in damages. But the real story was in the empty shelves, the stalled logistics, and the ripple effect across the retail sector. Similarly, the Co-op Group saw the personal data of 6.5 million members stolen, and its ability to serve customers severely disrupted.

These incidents are not isolated. They are symptoms of a broader trend: cyber attacks are now targeting the operational heart of organisations, not just their digital perimeters.

And then there’s Synnovis - a pathology lab whose ransomware breach led to £32.7 million in costs and significant clinical disruption across London’s healthcare system. The most sobering detail? The attack directly contributed to the death of a patient.

This is the moment where cyber security stops being a technical issue and becomes a matter of human consequence.

Infographic 1
Infographic 2

Cyber Resilience Is a Leadership Imperative

The NCSC handled 429 incidents in the past year, with 48% deemed nationally significant - a staggering rise from 89 the year before. And highly significant incidents (those affecting government, essential services, or the economy) rose by 50%, marking the third consecutive year of increase.

These numbers aren’t just statistics. They’re signals. Signals that the threat landscape is intensifying, and that our collective response must evolve.

Yet too many organisations still treat cyber security as a reactive function - something to be addressed after a breach, not before. The NCSC’s behavioural research highlights this inertia: optimism bias, lack of visibility, and poor communication between technical teams and boards all contribute to delayed action.

The Time to Act Is Now

We must move from cyber defence to cyber resilience - a mindset that accepts attacks will happen, and focuses on how quickly and effectively we can recover.

This means:

  • Embedding cyber risk into board-level governance.
  • Investing in foundational controls like Cyber Essentials, which reduces insurance claims by 92%.
  • Building a culture of security that spans every level of the organisation.
  • Engineering systems that can operate and recover even when compromised.

It also means recognising that cyber security is now a shared responsibility. From the CEO to the frontline employee, from the supplier to the regulator - everyone has a role to play.

A Call to Leadership

The NCSC’s review is not just a technical document. It’s a strategic warning. The threats we face are evolving faster than our defences. And the consequences are no longer theoretical.

Empty shelves are inconvenient. Patient deaths are unacceptable.

If you’re a leader, ask yourself:

💡
Are we prepared to operate without IT? Can we recover at pace? Have we built resilience into our DNA?

Because in today’s world, cyber security is not just about protecting data. It’s about protecting lives.

Ready to Take Action?

If this article resonates, here are three ways you can start building resilience today:

  • Run an Identity Fabric Framing Workshop
    Understand how your organisation’s identity architecture supports (or hinders) resilience. This workshop helps you align strategy, governance, and technology.
    Book a workshop.

  • Assess Your Identity Governance Maturity
    Get a clear picture of where you stand and what needs to change. Our maturity assessment provides actionable insights to strengthen your IAM posture.
    Take a quick assessment now.

  • Download the “Six Sprints to IAM Success” eBook
    A practical guide to accelerating your identity programme, without losing sight of long-term resilience.
    Download here.

Article Tags

General SecurityData Breach

Recent Posts

Bridging the IAM Innovation Gap: Why Fundamentals Still Matter

Developing an adapter for IBM Verify Identity Governance

IBM Verify Privilege Vault Ticket System Integration

Breaches Leave Retailers Reeling

Custom Remote Password Changer with ISVPV

IAM as a Cornerstone for DORA Compliance

Node-Red Identity Feeder

© Copyright 2025 Madigan Solutions UK Limited
Madigan Solutions UK Limited is a company registered in Northern Ireland with Company Number NI675324. VAT Number 368 3929 47.

Home | Blog | Contact

Terms & Conditions | Privacy Policy | Disclaimer