British Retail Faces Up To A Cybersecurity Meltdown

May 8, 2025  |  Mark Hillary

Last year I wrote in this blog about ethical hacking and penetration testing. All these services are designed to create a stronger focus on cybersecurity by testing the existing corporate protection and then strengthening it – based on any weaknesses identified in the testing process.

Consumers worry about data security all the time. They are genuinely concerned about how companies use their personal shopping, browsing, and payment data. However, they are often limited in their own ability to protect data – their only option is to avoid the brands they don’t trust.

This creates a dynamic where brands need to offer great products and service, but they also need to create trust – your customers also need to feel that you take their data security seriously.

This trust is being challenged in the UK retail market at present. Several different retailers are all being attacked by hackers at the same time. This has created a long-lasting problem for the food and clothes brand Marks & Spencer. For over two weeks the company has not been able to offer any app or online sales and they have struggled to maintain any card payments in-store.

Legendary Knightsbridge department store Harrods said that they were struggling to maintain any access to the internet after another attack – although they asked customers to keep shopping.

The Co-op chain of supermarkets spent several days in May only accepting cash and then facing empty shelves as delivery schedules and stock orders were affected. Hackers stole a significant amount of customer and employee data – the company employs over 70,000 employees and the criminals claimed to have personal data on over 20 million people.

The British government minister Pat McFadden was giving a keynote speech at the 2025 CYBERUK event in May. This is the UK government’s flagship event focused on cybersecurity and attracted over 2,000 security specialists.

Mr McFadden said there was previously a time when a government minister making a speech about cybersecurity was something “routine” and does not have much connection with the real world.

He went on to give a warning: “These cyber-attacks are not a game. Not a clever exercise. They are serious organized crime. Their purpose is to damage and extort. It’s the digital version of an old-fashioned shake down. Either straight theft or a protection racket where your business will be safe as long as you pay the gangsters.”

The hackers involved in these retail attacks all contacted media outlets, such as the BBC and Bloomberg. This has forced the companies to confess to their data security weaknesses. If their strategy was to quietly handle the problem without alarming customers, then the hackers ruined that plan by ensuring that the media had proof of the various security breaches.

The important message the UK government is trying to give to corporate leaders is that cybersecurity is no longer just a luxury for well-prepared companies.

It is a necessity. A wake-up call is required. This is not just a UK or retail problem, even if it is UK retailers that have been systematically targeted over the past month.

When customers find that their local supermarket has lost all their payment data and purchase history to hackers then it brings home to non-technical consumers just how vulnerable they are. Their personal data can be easily lost and this can result in direct attacks on individuals – such as phony IT support calls. It’s easy to make these calls sound genuine when the caller will have personal data about the customer.

Every year, IBM estimates the cost of an average data breach. The latest figure was just under $5 million. That’s just the average figure. If you lose the personal data of all your customers then the damage to the reputation of your business may mean that few of them ever return to your business. It may cost more than millions – the viability of your entire business may be questioned if you cannot protect customer data.

This is why services such as ethical hacking and penetration testing are essential. Imagine if these retail brands had invested more in protecting their customers and just imagine the cost they are facing during week after week of business disruption.

For more information on various IT security operation services with IBA Group, please click here. It could help to keep your business out of the headlines.

Follow IBA Group on LinkedIn for regular updates and comment. For more information on technology strategy and how tech connects to real business solutions please click here

Play Audio Version
April 14, 2025
Planning for Tomorrow: Managing The Challenge Of Digital Transformation
Mark Hillary Continue Reading
April 28, 2025
The Cost of Intelligence: How To Manage The AI Energy Problem
Mark Hillary Continue Reading
Blog

    Access full story Leave your corporate email to get a file.
    Yes

      Subscribe A bank transforms the way they work and reach
      Yes