The retail sector is facing a stark wake-up call: cybersecurity can no longer be treated as an IT issue; it’s a business-critical priority.
In the last few weeks, we've witnessed a sharp uptick in cyberattacks targeting major UK retailers. Most notably, M&S confirmed a recent breach in its customer-facing Sparks loyalty app, which exposed personal account details to other users during a technical glitch. While M&S moved swiftly to resolve the issue and reassured customers that no financial information was compromised, the incident raised serious questions about data handling, system resilience, and third-party platform risk.
Similarly, Co-op confirmed a cyber attack on May 2, 2025, which resulted in unauthorized access to personal data of current and former members. The compromised information included names, contact details, and dates of birth, though financial data and passwords remained secure. In response, Co-op shut down certain IT systems to prevent further breaches, causing disruptions in back-office operations.
Harrods, the luxury department store, also reported an attempted cyber attack in early May. While the company stated that its seasoned IT security team immediately took proactive steps to keep systems safe, the incident highlights the ongoing threats faced by retailers of all sizes.
Cybercriminals are increasingly viewing retailers as prime targets. Why? Because the retail ecosystem is a goldmine of data: customer payment info, loyalty scheme data, employee records, and supply chain access. And with the rapid digitisation of operations, from cloud-based POS systems to AI-driven customer analytics, retailers are more exposed than ever.
Despite these rising threats, many businesses remain underprepared. The British Retail Consortium’s 2024 Crime Survey Report reveals that 57% of UK retailers have experienced a rise in cyberattacks and breaches, while at least 90% have reported that the frequency of such attacks has either remained steady or increased annually since 2015.
The consequences are severe. Beyond operational disruption, there’s reputational damage, loss of customer trust, and, thanks to GDPR, hefty fines. But perhaps most significantly, cybersecurity is now a competitive differentiator. Retailers who can prove digital resilience and secure customer data are rapidly pulling ahead.
So what can be done?
• Make cybersecurity a board-level priority. It’s not just a technical issue; it’s central to customer trust and brand integrity.
• Invest in proactive monitoring and threat detection tools that offer real-time alerts.
• Educate staff continuously. Human error remains the most common gateway for breaches.
• Engage third-party experts to perform regular penetration testing and review your incident response plan.
Encouragingly, collaboration across the sector is growing. Initiatives from the National Cyber Security Centre and industry forums are helping retailers share intelligence and best practices.
The message is clear: in 2025, cybersecurity is no longer a bolt-on; it’s the backbone of retail trust. Those who act now will not only protect their operations but also strengthen their brand in the eyes of today’s digitally-conscious consumers.
If this isn’t a standing item on your leadership agenda, it should be. Cyber threats aren’t waiting, and neither are your competitors.