Co-op and M&S taken out by DragonForce Ransomware-as-a-Service

03 June 2025

Since Easter, two major UK retailers have been targeted by severe cyber-attacks. On 25 April, Marks and Spencer (M&S) was hit, followed by Co-op on 2 May. Several sources report that ransomware-as-a-service (RaaS) group DragonForce has claimed responsibility.

The consequences were devastating, impacting both finances and reputation. Hackers gained access to substantial amounts of customers’ personal data. M&S responded by suspending online orders, incurring a loss of approximately £3.8 million per day, and both retailers faced difficulties in restocking shelves. However, their immediate responses led to markedly different outcomes.

“While M&S experienced a major outage that has persisted for several days, Co-op appears to have detected the threat early and proactively shut down parts of its systems to prevent further damage,” notes Richard May, product development director (formerly CEO) of virtualDCS.

In response, the UK government has announced new cybersecurity initiatives aimed at strengthening retail sector defences. These include a £16 million support package and increased funding for the CHERI project, a capability-based processor architecture designed to stop memory-safety vulnerabilities being exploitable at the hardware level. Additionally, a proposed regulation may prohibit public sector bodies and critical national infrastructure (CNI) organisations from making ransom payments under any circumstances, with the aim of cutting off the criminals' revenue.

Industry experts emphasize that only a comprehensive approach — combining advanced technology, clear processes, ongoing vigilance, and public awareness — will enable businesses and consumers to navigate the evolving threat landscape.

“With increased public scrutiny on data protection and cybersecurity readiness, companies that neglect proactive measures risk significant financial losses and long-term damage to trust,” says Jake Moore, Global Cybersecurity Advisor at ESET. “Investing in expert-managed solutions, robust threat detection, and staff training can greatly mitigate operational and financial risks. However, cybersecurity is a collective effort — collaboration between the private sector, government, and experts is essential to safeguarding the UK’s digital economy.”

May adds, “Immutable backups are vital for recovery, ensuring that clean data remains untouched by attackers. But their effectiveness depends on regular testing and integration into a well-rehearsed incident response plan. Combining strong monitoring, immutable backups, and layered defense strategies will better prepare organizations for, and enable swift recovery from, cyberattacks.”
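One concrete piece of the “regular testing” May refers to is checking that what sits in the backup still matches what was written, before the day a restore is needed. The following is an added illustration, not virtualDCS's code or procedure: a manifest of SHA-256 digests is recorded at backup time, then the current contents of the backup are verified against it, so a copy that has since been overwritten, encrypted or deleted is reported rather than discovered mid-restore. The file names, contents and manifest format are constructed for the example.

```python
"""Verify a backup set against the manifest recorded when it was written.

Added example: the manifest format, file names and sample contents below are
constructed for illustration and are not from any vendor's product.
"""
import hashlib
import json
from dataclasses import dataclass, field


@dataclass
class VerifyResult:
    ok: list[str] = field(default_factory=list)
    modified: list[str] = field(default_factory=list)    # digest differs from manifest
    missing: list[str] = field(default_factory=list)     # in manifest, absent from backup
    unexpected: list[str] = field(default_factory=list)  # in backup, absent from manifest

    @property
    def clean(self) -> bool:
        return not (self.modified or self.missing or self.unexpected)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict[str, bytes]) -> str:
    """Record a digest for every file at backup time.

    In a real deployment this JSON is written to the same write-once storage
    as the data, so neither can be quietly edited afterwards.
    """
    return json.dumps({name: sha256_hex(data) for name, data in sorted(files.items())})


def verify_backup(manifest_json: str, files: dict[str, bytes]) -> VerifyResult:
    """Compare the backup's current contents against what the manifest says was written."""
    expected = json.loads(manifest_json)
    result = VerifyResult()
    for name, digest in expected.items():
        if name not in files:
            result.missing.append(name)
        elif sha256_hex(files[name]) != digest:
            result.modified.append(name)
        else:
            result.ok.append(name)
    result.unexpected.extend(sorted(set(files) - set(expected)))
    return result


# Constructed sample: a tiny backup set exactly as it was written.
ORIGINAL_BACKUP = {
    "db/orders.sql": b"INSERT INTO orders VALUES (1, 'widget', 3);\n",
    "db/customers.sql": b"INSERT INTO customers VALUES (1, 'A. Customer');\n",
    "config/app.yaml": b"stock_sync: enabled\n",
}
MANIFEST = build_manifest(ORIGINAL_BACKUP)

# Constructed sample: the same backup after someone with write access to the
# backup target encrypted one file, deleted another and dropped a note.
TAMPERED_BACKUP = {
    "db/orders.sql": b"\x9f\x1c\x88 ...ciphertext...",
    "config/app.yaml": b"stock_sync: enabled\n",
    "README_TO_RESTORE.txt": b"your files are encrypted",
}


def run_demo() -> tuple[VerifyResult, VerifyResult]:
    """Verify the untouched set and the tampered set against the same manifest."""
    return verify_backup(MANIFEST, ORIGINAL_BACKUP), verify_backup(MANIFEST, TAMPERED_BACKUP)


if __name__ == "__main__":
    good, bad = run_demo()
    print("untouched backup clean:", good.clean)
    print("tampered backup clean:", bad.clean)
    print("  modified:", bad.modified)
    print("  missing:", bad.missing)
    print("  unexpected:", bad.unexpected)
```

The immutability itself comes from the storage layer (object-lock or WORM settings, which this script does not configure); the manifest check is the part that belongs in a scheduled restore test, because it answers the question that matters during an incident: does the copy we are about to restore still match what we wrote.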

Meanwhile, Scott Dawson, CEO of DECTA, warns that these incidents show how brittle legacy architectures and siloed security practices are, and how poorly they hold up against sophisticated threat actors.

“Until businesses adopt uniform metrics and invest in fail-safe recovery plans, every transaction — and every customer relationship — remains at risk,” highlights Dawson. “When a single intrusion forces entire back-office operations offline, every step from inventory management to customer service teeters on collapse. Businesses must move from reactive patchwork to proactive resilience engineering architected into every layer of IT strategy, or retailers will continue to pay the price. Only then can retailers protect revenue streams, reputations and the trust of the millions who rely on them.”

“The big takeaway from these incidents is that even well-resourced and established organisations are being tested by the speed and sophistication of today’s ever-evolving threat landscape. Recognising cyber risk as a business risk and investing accordingly must be a shared priority for all industries responsible for sensitive data,” asserts Kev Eley, Vice President UKI at Exabeam.