The Co-operative’s trading update shows the financial effect of a cyber attack last year against the retailer. Last year, revenue was down 2.3pc compared to the previous year; £11,025m in 2025 compared to £11,279m in 2024. The retailer gave a figure of £107m for the ‘impact to profitability’; it recorded a loss of £35m last year compared with profits of £131m the year before.
The Co-op said its immediate priority is resuming its 2024 trajectory, where results demonstrated a 35pc increase in underlying operating profit.
Debbie White, Chair of Co-op Group, described 2025 as a challenging year, ‘but those challenges have helped us reshape Co-op for the future. Despite a cyber attack and tough market conditions, our colleagues have shown incredible resilience, keeping communities served and essential services running.’
Comment
Oliver Spence, CEO of CybaVerse said: “For years, cyber risk has been treated as a technical problem sitting somewhere in IT. What incidents like this show is that it’s a direct financial risk to the business, capable of wiping out entire quarters of profit in one hit. A £100m-plus impact isn’t an edge case anymore. It’s what happens when operational dependency on technology outpaces an organisation’s ability to detect, respond and recover from attacks in real time.
“The real issue isn’t just prevention, because no company can guarantee they won’t be breached. The issue is how quickly a business can understand what’s happening and take action when it does. Most organisations are still operating with fragmented security tools, limited visibility and slow response processes. That’s what turns an incident into a financial event.
“Boards now need to shift their focus from “do we have security tools?” to “do we have operational control when something goes wrong?”. This means real-time visibility across the estate, the ability to take immediate action, and a clear, rehearsed path to keep the business running under pressure. Because the gap between “we’ve been breached” and “we’ve lost £100m” is usually just time, and the organisations that close that gap fastest are the ones that come out intact.”
Manufacturing
Also suffering, besides other retailers, last year was Jaguar Land Rover (JLR). The cyber firm ESET points to a survey finding that nearly eight in ten UK manufacturers (78pc) admit they have fallen victim to a cyber incident in the past 12 months with over half (53pc) of them reporting lost revenue as a result.
Matt Knell, UK Country Manager at ESET, said: “If the JLR attack showed us anything, it’s how quickly a cyber incident can shut down production at scale and have major consequences for the business and the wider economy. The real challenge is that many organisations still treat cybersecurity as an IT issue rather than a strategic business decision. When it sits outside the boardroom, it’s harder to prioritise appropriately.
“What’s striking is that many organisations still see reactive approaches as more economical, despite the evidence to the contrary. With many major incidents resulting in six-figure losses and widespread operational disruption, the cost of reacting after the fact can be significant. In contrast, investing in advanced endpoint protection and managed detection and response (MDR) services can provide continuous, 24/7 monitoring and access to specialist expertise, helping organisations stay ahead of evolving threats, even when internal teams are stretched. In that context, the idea that prevention is too expensive simply doesn’t stand up.
“The organisations that get ahead of this will be the ones that treat cybersecurity as a core part of how they run the business, not just something for IT to manage.”
