Two of the UK’s most prominent high street brands – Marks & Spencer and Co-op – have recently fallen prey to a rising tide of cyber threats, underscoring the growing susceptibility of Britain’s retail industry to advanced digital assaults.
Marks & Spencer (M&S) has been dealing with the repercussions of a ransomware incident, while the Co-operative Group (Co-op), which has over 7,000 locations nationwide, has taken sections of its IT infrastructure offline after discovering a suspected breach. Both situations highlight a developing reality in contemporary commerce: cybersecurity is no longer an issue limited to the IT department – it has transformed into a major business continuity concern.
“Cyber resilience is foundational to business stability,” stated Jon Abbott, CEO of cybersecurity firm ThreatAware. “In an industry reliant on customer trust and reputation, the implications of downtime extend well beyond mere lost sales — it entails the risk of enduring harm to the brand.”
The Co-op characterized its response to a potential breach as “proactive,” notwithstanding leaked internal communications that indicate rising internal anxiety. Staff have reportedly been directed to activate their cameras during virtual meetings, refrain from producing transcripts of discussions, and stay vigilant for unusual communications – reflective of concerns that intruders may have already accessed internal systems. The company is currently collaborating with the National Cyber Security Centre (NCSC) and the Metropolitan Police regarding this issue.
Meanwhile, M&S experienced a ransomware attack widely credited to ‘Scattered Spider’ — a splinter faction of Lapsus$, a notorious cybercriminal group. This group has been associated with high-profile attacks on entities such as Transport for London and MGM Resorts in the US. Following the breach, M&S issued a public update indicating that some employee data had been compromised, although customer-facing systems continue to operate. The company has subsequently taken its employee portal offline and is engaging with external cyber specialists and authorities to mitigate the impact. You can read their latest update here.
These incidents are unlikely to be isolated occurrences. Experts caution that they are representative of the intensified and increasingly intricate threat environment that British enterprises now confront. “It’s not a matter of if, but when,” remarked Spencer Young, regional senior vice president at cybersecurity firm Delinea. “Organizations are facing more advanced, AI-enhanced threats, yet many still haven’t pinpointed their ‘minimum viable company’ — the essential operations that must be quickly restored to ensure survival.”
According to the 2024 Cyber Threat Report by SonicWall, more than 600 new malware variants emerge daily. Ransomware, in particular, remains a formidable and expensive weapon in the cybercriminal toolkit, with global average damages estimated at $4.91 million (£3.9 million) per incident — costs that frequently surpass the ransom itself due to lost productivity, regulatory penalties, and reputational harm.
“For retailers who interact with customers daily, even brief downtime can represent an existential threat,” stated Spencer Starkey, Vice President at SonicWall.
Retailers are especially vulnerable because of their extensive digital presence, large customer databases, and complex supply chains — often coupled with under-resourced cybersecurity teams. “Hackers target the big gains,” explained Jason Gerrard, a cyber strategy consultant at Commvault. “Targeting a single point in a retail supply chain can magnify disruption across the entire business.”
The urgency to restore operations often drives companies to comply swiftly with ransom demands, particularly when brand reputation and regulatory pressures are at stake. Gerrard referred to industry data showing that most organizations take more than three weeks to recuperate from a significant cyber incident — with complete recovery sometimes extending beyond 200 days. Critically, many companies still postpone defining what needs prioritizing until after an attack occurs, which hinders effective mitigation.
Cybersecurity experts increasingly contend that mindset is as crucial as the strength of firewalls. The human factor — both internally within an organization and in external communications — now plays an essential role in managing cyber emergencies.
“When systems go down, empathy can be just as important as technology,” said Vivek Dodd, CEO of compliance training provider Skillcast. “How a business chooses to communicate — taking responsibility, displaying transparency, and prioritizing people — often dictates whether it retains customers or strengthens relationships.”
Consequently, retailers and other large organizations are being encouraged to regard cyber defense as a comprehensive enterprise priority, rather than a specialized technical challenge. This includes enhancing identity security, mapping operational dependencies, conducting live cyber drills, and supporting a resilient digital framework. The rise of artificial intelligence has further complicated risks, enabling attackers to automate malware and phishing initiatives across extensive IT landscapes.
However, there are positive indications of an increasing maturity in the responses of compromised firms. Both M&S and Co-op reacted promptly upon identifying the issues. Their choice to act decisively signifies enhanced incident response planning and may serve as a model for other enterprises aiming to navigate similar challenges in the future.
“This is the time to advance from reactive patching to proactive resilience engineering,” said Scott Dawson, CEO of payments platform DECTA. “We need
