Recent cyberattacks on UK retail are a wake-up call for all businesses

06/06/2025 | KPMG

Professional services provider KPMG has warned that millions in lost retail sales, personal data theft, and disruption to online ordering have provided a much-needed wake-up call to the retail sector and UK businesses. While responsibility still lies with specialist teams reporting to the CISO, nobody within an organisation, from the C-suite to retail floor staff, is immune from being targeted. The article highlights that once the door is opened, "the hacker is in". 

As a result, greater focus must be placed on cybersecurity awareness across the entire business. The article cites an approach taken by Sainsbury's in which mandatory data and information security training focusing on "how to keep our information safe" was implemented following a third-party attack. 

A related article by international law firm Pinsent Masons echoed these sentiments, warning that businesses must learn from recent ransomware attacks on UK retailers by enhancing preparedness and understanding supply chain risks. The attacks on Harrods, Marks & Spencer, and the Co-op underscore the devastating effect of ransomware, prompting a need for companies to assess their operational resilience. M&S, which has now restored online orders, anticipates a cost of up to £300m from its attack.

These incidents highlight the persistent threat of ransomware, where data is encrypted and stolen. Despite increased awareness, the government's latest Cyber security breaches survey reported that 74% of large and 67% of medium-sized UK businesses experienced a breach in the last year. Meanwhile, an analysis of Pinsent Masons' 2024 caseload revealed that 48% of cases involved ransomware, with data theft in 83% of those cases. Furthermore, attacks on the British Horseracing Authority and Legal Aid Agency demonstrate that attacks are not limited to the retail sector and that no organisation is immune.
