The rise of retail cyber crime in four charts


In the past month alone, cyber attacks have gone from occasional headlines to near-daily national news fixtures.

Marks and Spencer’s, Co-op, Harrods – along with international names like Dior and Coinbase – have all recently fallen victim to cyber incidents.

Retailers in particular have found themselves in the crosshairs, and while not every incident has made headlines, it is clear that cyber crime is surging at unprecedented speed – with the retail sector as its prime target.

The sector has suffered the twin effects of high investment in cyber infrastructure used to hook customers and under-investment in cyber security.

“The barriers to entry for cyber criminals are very low,” LEK partner Jan Schniederbanger said. “Retailers are a high-risk group.”

Retail under attack

At the heart of this crisis is data – personal data. Retailers have long sought to personalise advertising and customer experiences. In tailoring these buying experiences, they have amassed huge troves of sensitive information: names, payment details, even shopping habits.

This data goldmine, often enclosed within outdated or insufficiently secured systems, has become irresistible for cyber criminals.

According to data from the Information Commissioner's Office (ICO), phishing and ransomware attacks have climbed significantly across all sectors since 2019.

However, the retail and manufacturing sector has suffered one of the most dramatic rises of any industry tracked.

In 2019, reported attacks in this sector were under 2,000 annually. Fast forward to 2024 and that number had more than doubled, with over 4,000 incidents recorded.

From 2022, retail arcs sharply upward, overtaking every other industry by 2024.

The red, average line follows a similar, albeit flatter trend – reinforcing that while cyber crime is rising everywhere, retail is bearing the brunt.

Two post-pandemic shifts accelerated the rise of retail cyber crime: the move away from cash towards plastic and the push for personalised advertising, which requires high levels of customers’ data.

Ransomware’s evolution

The 2025 Ransomware Report by cybersecurity firm Delinea, shared exclusively with City AM, offers deeper context and confirms that attackers are becoming more strategic and destructive.

The report found that 69 per cent of organisations surveyed have experienced a ransomware breach, and over a quarter have been hit more than once.

Alarmingly, 60 per cent of these attacks now involve data extortion, meaning the theft and threat of publishing sensitive information.

And yet, only 33 per cent of businesses have adopted effective access controls like least privilege policies, leaving dangerous gaps in cyber defences.

These vulnerabilities are being ruthlessly exploited by sophisticated criminal groups using AI-driven attacks, deepfake social engineering, and compromised credentials as a primary access point.

As AI tools advance, threat actors are leveraging them not just to break into systems, but to evade detection, automate target selection, and amplify the chaos they leave behind.

Experts have pointed to a combination of high-value data, outdated IT infrastructure, and a history of under-investment in cyber security as key issues.

“Retailers on tight margins have historically underinvested in comprehensive cyber security,” says Professor Feng Li of Bayes Business School.

“As they’ve layered digital systems on top of legacy infrastructure, they’ve widened the attack surface.”

In practice, this means that attackers face less resistance when infiltrating retail systems, and more potential reward.

Cyber gangs like Scattered Spider, who were reportedly behind the M&S breach, are increasingly targeting retailers with tailored phishing and ransomware campaigns, often using stolen credentials and insider information to move quickly and quietly through systems.

The high level of staff churn in retail only exacerbates the problem, according to Schniederbanger.

“Accounts and credentials are [often] created faster than they are removed [and] helpdesks are often not able to scale their staffing in line with the increased volume of activity (for example for password reset calls) during seasonal peaks, which increases vulnerability,” he said.

M&S share price tumbles after attack

The financial consequences of these attacks are also becoming more visible.

Following its recent cyber incident, supermarket giant Marks and Spencer’s share price dropped sharply, falling from around 405p in mid-April before the attack, to just 345p by early May – an almost 15 per cent decline in less than a month.

The timeline shows a stark correlation between the disclosure of the attack and investor reaction, proving that cyber security is no longer solely a technical issue, but a boardroom one too.

The modest recovery in late May reflects partial restoration, despite remaining damage to consumer confidence.

There has been more than just market damage, too: M&S has estimated the hit to its operating profit at £300m.

Analysts have also warned of reputational damage and a loss of consumer trust, which may take years to heal.

A strategic reset needed

The Delinea report underscores the chaos ransomware brings.

Around 75 per cent of victims take up to two weeks to recover, and less than 1 per cent are still struggling after a month, but these outliers can suffer devastating consequences.

In June 2023, KNP Logistics collapsed after a ransomware breach, resulting in 730 lost jobs.

Just a year later, a similar attack on NHS supplier Synnovis led to thousands of cancelled procedures and a blood donation emergency in London.




