The UK retail sector is facing a cyber crisis. In just a few weeks, three household names, Marks and Spencer, Co-Op, and Harrods, have all been hit by significant cyber attacks. From disrupted logistics to exposed employee data, the incidents are striking in their similarity and severity. But the message is clear: no brand, no matter how established, is immune.
These attacks come when retailers are more digitally dependent than ever. Behind every store shelf and every online basket is a supply chain of interconnected systems, cloud platforms, third-party vendors and Iot-enabled infrastructure. And it is this complex digital surface that today’s cyber criminals are targeting, with increasing sophistication and scale.
A pattern emerges
Let us take a closer look at what has happened:
- Marks and Spencer was one of the first to be affected, with the attack causing widespread issues in its food supply chain. The company experienced shortages of key products and significant disruption across logistics and back-office operations. Reports suggest the breach stemmed from a third-party supplier vulnerability, a common weak link in otherwise well-secured enterprises.
- Co-Op faced operational problems across several business units. Though details remain limited, it is understood that internal IT systems were disrupted, affecting store operations and logistics. The company responded quickly, but still saw a reputational and financial impact.
- Harrods, the latest to report an incident, confirmed that internal files, including sensitive employee data, were accessed in a cyber breach. While customer payment information was reportedly unaffected, the reputational damage and regulatory implications remain serious.
These cases are not just coincidental. Cyber criminals are no longer simply going after customer card data. Instead, they target business-critical systems: supply chain logistics, enterprise resource planning (ERP) platforms, and personnel records.
The technical landscape: Why retail is at risk
Retailers are high-value targets because of their reliance on:
- Legacy systems that have been patched over the years but lack full integration or modern security controls.
- Multiple third-party suppliers, many of whom may have looser security postures.
- Real-time operational systems, where downtime directly affects sales and customer trust.
- Data-rich environments, including customer profiles, payment data, loyalty schemes and internal employee records.
Retailers operate at the intersection of data, logistics, and public visibility making them ideal victims for both financially motivated cyber criminals and politically driven attackers.
The growing use of cloud-based applications further amplifies these risks, including IoT devices in warehousing and stores, and remote access tools used by distributed workforces and support teams. Each of these introduces new attack surfaces and potential vulnerabilities.
Lessons for the Boardroom
These incidents offer hard but valuable lessons for leadership teams beyond the retail sector. At Conosco, we work with organisations to build resilience into the very core of their digital operations. Here is what your executive team needs to know:
Third-party risk is business risk
The attack on M&S appears to have originated through a supply chain partner. This is increasingly common. Businesses must go beyond perimeter security and assess the full ecosystem. That includes conducting due diligence on vendors, enforcing contractual obligations for security standards, and monitoring third-party access continuously.
Cybersecurity is no longer an IT function.
CISOs and CIOs must have direct access to the board, and cybersecurity risks should be discussed alongside financial, operational and reputational risks. Modern risk registers must include threat modelling and incident impact forecasting.
Segmentation and zero-trust architectures are essential.
Flat networks are easy to compromise. By adopting zero-trust principles, businesses can restrict lateral movement, verify every request and limit the blast radius of any breach. Network segmentation, identity-based access control, and real-time authentication are key to this model.
Detection and response are more important than prevention
Assume breach. Prevention is vital, but detection and response will define the outcome. This means investing in Security Operations Centres (SOCs), endpoint detection and response (EDR) platforms, and threat intelligence tuned to your industry.
Incident response must be fast, rehearsed and cross-functional
All three recent breaches show how slow, fragmented responses can worsen the damage. Have a documented incident response plan. Practice it. Ensure legal, PR, HR, IT and executive teams know their roles. A cyber incident is not just a technical event — it is an organisational crisis.
Regulatory pressure is increasing.
Breaches that involve employee or customer data must be reported under UK GDPR. Failure to comply can lead to fines, legal action and reputational harm. Regulatory readiness is now part of any responsible cyber strategy.
Building Resilience: A Constructive Path Forward
These threats are serious but not insurmountable. At Conosco, our approach is built on three pillars:
- Visibility: Understand your current risk profile, infrastructure, and threat exposure.
Maturity: Build a layered security architecture based on best practices and business context.
Continuity: Develop business continuity and recovery processes that keep operations running during and after an attack.
Cyber resilience is no longer optional. It is a business requirement. Every company now operates in a digital battlefield, and the prepared organisations will thrive.
Speak to an expert about securing your business from supply-chain security to threat remediation and response.
.png?width=55&height=41&name=conosco_icon_lightbg%20(1).png "conosco_icon_lightbg (1)"){kind=icon}
