British Retailers under siege: the surge of cyber-attacks in 2025
- Avi Purewal

- Jul 7

Situation to date:
The UK retail sector is facing an unprecedented wave of sophisticated cyberattacks in 2025, with major brands like Marks & Spencer, Co-op, and Harrods suffering crippling blows to their operations, finances, and reputations.
Over just a few weeks this spring, attackers managed to halt online orders, disrupt payment systems, and expose sensitive customer data, underscoring the sector’s acute vulnerability in an era of digital transformation.
Recent Attacks:
Marks & Spencer was hit by a devastating ransomware attack over the Easter weekend, forcing the suspension of all online orders and automated stock management. The fallout was severe: shelves emptied, customers were unable to shop online for nearly seven weeks, and the company’s market value dropped by £300 million. Personal data, including names, addresses, and order histories, was compromised, though payment details and passwords were reportedly unaffected.
Co-op faced a similar fate. Ransomware disabled self-checkouts and disrupted logistics, leading to widespread shortages and empty shelves. While initial reports suggested no data was stolen, it later emerged that member data, including names and contact information, had been accessed. The company’s decision to shut down IT systems as a precaution may have prevented even greater damage.
Harrods fell victim to a phishing-led breach that targeted internal systems and sensitive data. The attack highlighted the persistent threat of social engineering tactics, which remain the most common method used by cybercriminals to infiltrate retail networks.
Why Retail? Why Now?
Retailers are prime targets for cybercriminals due to their vast stores of customer data, interconnected supply chains, and reliance on e-commerce and real-time payment systems. The sector’s sheer scale means that even brief IT outages can result in millions in lost revenue. One report found that retailers can lose up to £73 million per minute if their payment systems go offline.
The 2025 threat landscape is dominated by ransomware syndicates such as Akira, LockBit, Clop, BlackCat, and the highly active Scattered Spider, which has been linked to several of this year’s most damaging attacks. These groups use a blend of data encryption, extortion, and social engineering to force payments and extract sensitive information.
- Ransomware attacks on UK retailers surged by nearly 75% in Q1 2025.
- 41% of retail organisations reported a breach this year.
- Phishing accounted for 65% of breaches, with credential theft and third-party vendor vulnerabilities also widespread.
The Wider Fallout - Beyond Retail:
The cyber threat is not confined to retail. Local councils, hospitals, and schools have all been targeted, with devastating real-world consequences.
- Glasgow City Council faced a breach that disrupted services and exposed personal data.
- NHS Dumfries and Galloway and North Lanarkshire Council were similarly attacked.
- In education, a spear-phishing attack on Edinburgh City Council caused a mass password reset, locking students out of critical revision tools during exams.
The most chilling example came in June 2024, when a ransomware attack on NHS blood services was linked to a patient’s death at King’s College Hospital. The attack, traced to the Russia-based group Qilin, delayed critical test results and caused over 10,000 cancelled appointments, a stark reminder that cyberattacks can be a matter of life and death.
The Cost of Insecurity:
The financial and operational impact is staggering:
- UK businesses experienced approximately 8.58 million cyber crimes in the last 12 months.
- The average cost per business of a cybercrime incident (excluding phishing) is £990, but for cyber-facilitated fraud, it rises to £5,900.
- Ransomware attacks on UK firms increased significantly between 2024 and 2025, affecting 19,000 companies.
- Criminal gangs are estimated to launder £100 billion annually through the UK, much of it digitally.
Cyber insurance premiums are rising, with experts predicting at least a 10% increase in cover costs for retailers. Nearly three-quarters of business leaders now believe a cyber incident will disrupt their operations within the next two years.
Government and Industry Response:
The UK Government and the National Cyber Security Centre (NCSC) have issued urgent warnings and are actively assisting affected retailers. Emphasis has been placed on reviewing IT help desk processes, especially for password resets, and on enhancing information sharing between government, law enforcement, and the private sector. The attacks are being described as a “wake-up call” for all UK organisations to strengthen cyber resilience.
Looking Ahead:
The frequency, sophistication, and impact of recent cyberattacks make clear that the UK retail sector and critical public services must urgently invest in robust cybersecurity defences. Failure to adapt will not only result in financial and reputational losses but, as seen in healthcare, can have life-or-death consequences. As digital transformation accelerates, so too must the commitment to cyber resilience before the next attack strikes.



