22.07.25

Cyber-attacks on UK Retailers Likely to Persist Amid “Fraud Pandemic,” Experts Caution

Cyber-attacks on UK Retailers

A spate of high-profile cyber-attacks has hit UK retailers this year, a trend that shows no signs of slowing, according to industry experts. Major brands, including the Co-op, Harrods, and Marks & Spencer, are among the companies affected by what experts are calling a “fraud pandemic.”

Speaking to The Independent, Vivek Dodd, the CEO of security and compliance training provider Skillcast*, said, “This fraud pandemic [is] exposing just how vulnerable many businesses are. These [cyber] attacks have rapidly evolved into operational nightmares which cause severe long-term financial and reputational setbacks.”

High-profile Incidents

Marks & Spencer has been among the hardest hit. On 22nd April 2025, the retailer confirmed it had suffered a cyber-incident that forced it to suspend phone and online orders. Reports indicate the breach stemmed from a targeted social engineering campaign that enabled unauthorised access to internal systems. The consequences were significant, including widespread disruption, stock shortages and a sharp drop in the company’s market value.

In other noteworthy breaches, luxury department store Harrods fell victim to a phishing-led intrusion, while the Co-op experienced a ransomware attack. Altogether, these cyber-incidents highlight the growing sophistication and diversity of cyber-criminal tactics as well as the retail sector’s vulnerability. Specifically, retailers are attractive targets for threat actors due to the large volumes of valuable customer data they manage, the fast-paced nature of their operations – which can increase the risk of human error or overlooked security protocols – and their dependence on third-party services, which can introduce exploitable weaknesses throughout the supply chain. Now that several attacks have successfully hit the sector, experts warn that copycat attacks are increasingly likely to target other retail organisations. Moreover, the effects of the “fraud pandemic” could spill out into other industries or even target critical infrastructure

Cyber-statistics in the Retail Sector

The recent uptick in attacks on UK retailers reflects a broader trend across the industry. According to IT security firm PureCyber**, 41% of retail organisations have experienced a cyber-security breach this year, with ransomware attacks on retailers surging by almost 75% in the first quarter alone.

Worryingly, a recent report by Skillcast found that a “significant portion” of professionals “regularly fail basic security steps,” highlighting the critical importance of training staff sufficiently to handle cyber-threats. Alongside robust employee training, organisations should invest in zero-trust security architectures, review the security of their third-party vendors, and leverage a range of other cyber-hygiene measures to minimise vulnerabilities. Additionally, robust cyber-insurance and business interruption cover can financially safeguard organisations from cyber-threats’ perils.

It is recommended that all firms have a cyber policy within their insurance portfolio.  Feel free to contact us today to discuss cyber insurance covers.

Information provided by Zywave with a contribution from Lisa Langley, Cert CII, Team Leader, Professional Risks, Cox Mahon Ltd.

*Skillcast, offers compliance made simple, smarter and effective. They are based in London, with an office in Malta.

**PureCyber provide cyber security solution from the office base in Cardiff