City PM
Tuesday 20 May 2025 9:10 am  |  Updated:  Tuesday 20 May 2025 9:11 am

Are cyber attacks about to become the norm for British retailers?

By: Amber Murray and Saskia Koopman

In the last month, cyber attacks have gone from a destructive but uncommon issue to the top of most Brits’ news feeds.

Marks and Spencer’s, Co-op, Harrods – plus the international Dior and Coinbase – have all been the target of attacks in the last months, with more unsuccessful or smaller attacks likely to have gone under the radar. 

Retailers in particular have been targeted, but what seems to be the connecting thread is data-heavy firms with insecure legacy systems.

The goal of retail advertising has long been hyper-personalisation, something which has been brought tantalisingly close by data tracking and large-language AI models.

Retailers collect and process millions of personal records, such as names, addresses, payment details and shopping habits, making them a lucrative target for cyber criminals.

“[Companies have] the data not from just your interactions with that particular retailer, but numerous data feeds – be it from social media or from other websites that you’ve interacted with, and can give you something that’s very tailored to what you want,” Asam Malik, head of digital & risk consulting at Forvis Mazars, said. 

This gives them a tremendous amount of valuable data – all locked into systems with below-par security, according to Simon Pamplin, CTO of Certes. 

Pamplin explained that many current cyber strategies are designed to defend the network, not the data. 

“Today’s attackers aren’t just locking systems, they’re extracting data. If we focus only on keeping them out, we’re missing the point,” Pamplin said. 

This is just the start 

The recent cyber attacks on major UK retailers are unlikely to be the last, and in many ways, they’re a mere glimpse of what’s to come.

Decades of under-investment in cyber protection, combined with an expansion in the amount of data that firms hold and process, has created a vault of information with a much lower level of security than, say, a bank. 

“Retailers on tight margins have historically under invested in comprehensive cyber security”, said Professor Feng Li of Bayes Business School. “As they’ve layered digital systems on top of legacy infrastructure, they’ve widened the attack surface”.

Li warned: “Until the retail sector treats cyber security as a strategic investment – not just a compliance box – breaches will keep happening”.

Current regulations, he says, don’t go far enough to force meaningful change. The growing dependence on third party digital services adds yet more weak points, making many firms increasingly exposed.

In the race for convenience, scale and speed, retailers have too often under-invested in resilience.

Meanwhile, well-organised cyber groups, like the resurgent Scattered Spider, are exploiting the cracks.

These are not lone-wolf hackers; they are sophisticated operations deploying ransomware, phishing campaigns, and advanced social engineering techniques with ruthless efficiency.

Experts agree that even the best security defences can’t prevent every breach. That’s why robust, rehearsed incident response plans, complete with clear roles and recovery strategies, are no longer optional.

The future of cyber security will hinge on vigilance, not just tools.

“Cyber security must become a fundamental business priority”, said Google threat intelligence’s John Hultquist, warning that retail will remain a top target.

High costs and long recoveries

M&S has now confirmed hackers accessed customer contact information in a breach that forced its online clothing platform offline for weeks, at a cost of over £43m a week.

Co-op, meanwhile, had to pause parts of its supply chain to contain the damage.

Legal Aid has seen 2.1m records accessed, with data on criminal records, national insurance numbers and financial details going as far back as 2010.

The cost for both consumers and companies is clear: customers are at risk of phishing emails attempting to steal even more sensitive information, while companies face an erosion of customer trust, lost profit and high insurance premiums. 

The attack on Marks and Spencer wiped over £1bn off its market cap and cost it over £60m in lost profit, according to analysts.

“Retailers operate in such high-pressure, low-margin environments, where sustained downtimes can have a disproportionate impact on customer retention and revenue,” Fastly’s information security officer Marshall Erwin said.

Marks and Spencer’s boss Stuart Machin took a £1.06m pay cut due to his reliance on a performance share plan and deferred bonus scheme.

But that’s not the only issue: retailers are increasingly being drawn into PR battles, with the perpetrators of the attacks “contacting journalists to take advantage of the publicity their actions have generated”, Jo Joyce, partner at global law firm Taylor Wessing’s cyber team, said.

Cyber experts have also warned of the effects of eroded consumer trust after a cyber attack, particularly with regard to payments data.

“There is a major risk that shoppers lose trust in the brand,”  AJ Bell analyst Dan Coatsworth said.

Insurance premiums, too, are set to rocket for both the affected companies and for the wider sector. 

“This disruptive attack – and any resulting payout – will be a major data point used by insurers in future underwritings,” Adam Casey, Director of Cybersecurity & CISO at Qodea, said.

“As non-payment of ransoms becomes a more common policy as well, insurers are going to see bigger costs from breach recovery and business interruption. All this will combine to push premiums up.”

AI: Friend or foe?

One of the reasons the number of attacks has stepped up is the rapid improvement in the quality of artificial intelligence, which now plays both sides of the cyber security arms race.

According to Cisco’s 2025 cyber security readiness index, while 92 per cent of UK firms use AI to detect or respond to threats, 78 per cent have also suffered AI-related breaches.

“AI is a force multiplier – for defenders and attackers,” Martin Lee, EMEA lead at Cisco Talos, told City PM. “The bad guys are organised, they have tools, and they have a business model”.

He notes that many attackers are now using generative AI to craft more convincing phishing emails, automate intrusion attempts, and even mimic employee communications.

AI has also made it easier to exploit what’s known as ‘shadow AI’: the use by employees of unapproved tools that lack proper security.

“People love shiny new tech and move faster than policy”, Lee warned. “We’re seeing confidential data being pumped into public models without any oversight”.

UK minister Pat McFadden recently declassified an intelligence report warning that AI will increase both the frequency and severity of cyber attacks.

Speaking at CyberUK 2025, he confirmed that new legislation, under the cyber security and resilience bill, will aim to give government powers to force higher standards across regulated sectors.

But Cody Barrow, cyber security lead at Ekco, said the private sector must step up too: “Faster detection, smarter automation and security built in from day one must become the standard – not the exception”.
