M&S and Co-op: UK retailers brace for cyber attacks

Two of the UK’s most recognisable retail brands – Marks and Spencer and Co-op – found themselves at the centre of a growing cyber security storm this past week.
From suspended online orders at M&S to locked-down systems at Co-op, the message from the frontline is clear: cyber threats are no longer just an IT issue, they’re a business continuity crisis.
“Cyber resilience underpins business resilience”, says Jon Abbott, chief executive of cyber firm ThreatAware. “And in a sector built on customer trust and reputation, the cost of downtime is more than just revenue – it’s long-term brand damage”.
The Co-op, which operates over 7,000 locations, shut down parts of its IT systems after detecting a potential breach, describing the action as a “proactive” defence.
Yet internal emails suggest growing concern.
Staff were reportedly told to keep cameras on during calls, avoid transcribing meetings, and report suspicious messages – measures that hint at fears that hackers could already be inside.
This follows M&S’s ransomware attack, believed to be orchestrated by ‘Scattered Spider’ – a splinter group of Lapsus$ – a notorious hacking group responsible for high-profile breaches at Transport for London (TfL) and MGM Resorts.
The Metropolitan Police and National Cyber Security are conducting an investigation.
A broader concern
While the incidents may appear isolated, experts worry they are symptomatic of a broader, escalating risk landscape.
Security firm Delinea’s Spencer Young warned: “The disruption caused by the attack on M&S, and now Co-op, is significant.”
“Attackers are reminding us that IT infrastructure remains vulnerable, especially if businesses fail to assess cyber risks and monitor access. Despite identity and credentials security growing in importance, there are still significant vulnerabilities that organisations need to address – particularly when it comes to remote”.
A report from SonicWall found that over 600 new malware variants are created daily, with ransomware attacks costing companies an average of $4.91m – well beyond the ransom itself.
“Ransomware holds operations hostage”, says Spencer Starkey, SonicWall’s senior manager. “For retailers who serve consumers daily, even minor downtime is a major threat”.
Why is retail so exposed?
Retailers sit at a unique intersection: vast customer data, sprawling supply chains and often underfunded cyber teams.
That makes them a prime target for criminal gangs, according to Jason Gerrard of Commvault.
“Hackers go for big fish – disrupting just one point in a supply chain gives them maximum leverage”, he says.
“They know reputational damage and regulatory pressure may make companies more likely to pay up”.
Gerrard also points to worrying industry stats, with most companies taking over three weeks to recover from a cyber attack, while some may take over 200 days.
The delay is often because firms only define what needs restoring once a crisis has already hit.
The human element
Beyond technical failures, there is a growing consensus that culture matters just as much as code.
“When systems go offline, empathy can be as powerful as a firewall”, says Vivek Dodd, chief executive of compliance training firm Skillcast.
“How you communicate in crisis – owning the issue and prioritising people – can determine whether you lose customers or earn their loyalty.”
Retailers are being urged to treat cyber defence as a business-wide priority.
That includes investing in identity security, scenario planning and cyber drills, not just infrastructure.
And, with hackers using AI to automate malware and phishing, large retailers’ complex systems have more points of vulnerability now than ever before.
Lessons in resilience
Yet, there is a silver lining: both Co-op and M&S acted fast, showing signs of mature incident response planning.
“This is the moment to move from reactive patching to proactive resilience engineering”, says Scott Dawson, chief executive of DECTA payments. “We need to bake security into every layer of the IT stack – not bolt it on after the fact”.
As M&S and Co-op continue to recover, retailers across the country are re-evaluating their readiness.
The hope is that this moment will trigger more investment in smart infrastructure and a cultural shift towards cyber readiness.
“Cyber security is no longer just the tech team’s concern”, said Abbott. “It’s board-level. It’s brand-level. And it’s survival-level”.