
What the M&S Cyber Attack Means for the Global Retail Sector

Everfox High Assurance Cyber Solutions
Everfox

Recent cyberattacks on major UK retailers – Marks & Spencer (M&S), Co-op and Harrods – underscore the stark reality of a growing global crisis. They reflect a broader trend of increasingly sophisticated cyber threats targeting commercial businesses around the world. From high street stores in London to major retailers in New York, Sydney and Singapore, the message is clear: no sector is immune.

These incidents highlight the urgent need for commercial enterprises to adopt high-assurance, defence-grade cybersecurity measures to safeguard their operations, reputation, customer trust and employee safety.

Recent Attacks with Real-World Impacts

In April 2025, M&S disclosed a major cyber incident that led to a 12% drop in its share price [1]. The attack disrupted online clothing and home orders and affected food product availability. Financial analysts estimated the immediate losses at approximately £30 million, with ongoing weekly losses around £15 million [1].

At the Co-op, contactless payments were disabled in 200 of its 2,300 UK stores. Deliveries were delayed, stock shortages emerged and the personal data of some 6.2 million members was exposed [1].

Harrods, another iconic UK brand, also confirmed a cyber-attack attempt, although the damage appears to be contained.

All three incidents are believed to be linked to the Scattered Spider hacking group, a cybercrime syndicate known for advanced ransomware, hacking-as-a-service and social engineering attacks [3].

While these recent attacks have hit UK retailers particularly hard, they are far from isolated events. Commercial organisations across the globe are increasingly finding themselves in the crosshairs of sophisticated cybercriminal operations and nation-state threat actors.

NCSC’s Updated Guidance and Government Response

In the wake of these attacks, the UK’s National Cyber Security Centre (NCSC) issued urgent cybersecurity guidance. The agency warned of the rise in social engineering attacks, where criminals impersonate IT support staff to trick employees into resetting passwords – tactics more commonly associated with nation-state actors. One such technique is believed to have led to the compromise of internal systems at M&S [4].

In parallel, the UK Government is preparing to introduce the Cyber Security and Resilience Bill, which represents a significant step forward in mandating resilience standards across industries. The bill will impose stricter reporting requirements, expand regulatory oversight and enhance cyber preparedness [5].

“These incidents should act as a wake-up call to all organisations. I urge leaders to follow the advice on the NCSC website to ensure they have appropriate measures in place to help prevent attacks and respond and recover effectively.” - The UK NCSC [6]


Why Defence-Grade Cybersecurity is a Business Imperative

Cyberattacks today are often designed for maximum disruption, from ransomware to supply chain infiltration and real-time service denial. To defend against these tactics, businesses should shift from reactive detection tools and technologies to adopting defence-grade proactive cybersecurity solutions, including:

  • Secure Access – The right access, for the right people at the right time.
  • Secure Transfer – Seamlessly connect and transfer data with trust across networks.
  • Secure Data – Never trust, always verify with prevention-first threat protection solutions.
  • Secure People – Security that protects your networks, data and people, enabling secure collaboration across all environments.

The Business Impact is Real & Measurable

The financial and operational fallout from these attacks is severe:

  • M&S had a 12% share price drop, major online retail disruptions and halted supply lines [1].
  • The Co-op were unable to process payments, exposed customer data and reduced customer trust in the process [2].
  • Harrods confirmed the attempted breach, signalling the targeted nature of the attacks against UK high street retailers [3].

These incidents have halted product launches, disrupted major business activity and undermined brand confidence. In a digital-first economy, the cost of a successful cyberattack is now measured not just in data but in continuity and value.

They also reflect a worldwide pattern of attacks on retail organisations that have led to severe financial and operational impacts. A 2013 cyberattack on U.S. retailer Target resulted in a reported 46% drop in quarterly profits and an estimated US$290 million in total costs, including repairs, losses, settlements and fines [7]. More recently, in November 2024, Krispy Kreme experienced a cyberattack that disrupted its online operations in parts of the U.S., leading to a nearly 3% drop in share price and significant operational challenges [8].

Cyber Resilience is Business Resilience

The recent attacks may have disrupted the UK high street, but the implications go far beyond British retail. Cyber threats are a global, not local, crisis.

The question for commercial businesses is no longer “will we be attacked?” but “are we ready for when it happens?”

It’s time to think like the adversary and defend like the military, because defence-grade resilience is increasingly essential for everyday services. Now is the time to act: your business doesn’t need more awareness, it needs resilience.

Contact our Cybersecurity Team and look at how adopting defence-grade cybersecurity solutions can safeguard your networks, data and people.

References

[1] Reuters - https://www.reuters.com/business/retail-consumer/britains-ms-enters-second-week-sales-disruption-after-cyberattack-2025-05-02/

[2] The Guardian - https://www.theguardian.com/business/2025/may/06/co-op-rushes-to-fix-contactless-payment-issue-in-some-stores-amid-cyber-attack-fallout

[3] The Sun - https://www.thesun.co.uk/money/34750805/harrods-cyber-attack-marks-and-spencer-co-op/

[4] Financial Times - https://www.ft.com/content/602e10e7-00b3-4c9b-bb27-6480d7246f37

[5] UK Parliament Brief - https://www.gov.uk/government/publications/cyber-security-and-resilience-bill-policy-statement/cyber-security-and-resilience-bill-policy-statement

[6] National Cyber Security Centre - https://www.ncsc.gov.uk/news/retailers-incident

[7] Mitratech - https://mitratech.com/en-gb/resource-hub/blog/the-2013-target-data-breach-a-lasting-lesson-in-third-party-risk-management

[8] Investopedia - https://www.investopedia.com/krispy-kreme-warns-a-cyber-attack-will-negatively-impact-results-8759523