Yesterday, UK supermarket group Co-op announced that cyber hackers were trying to break into its computer systems.
This prompted the retailer to shut down parts of its IT systems to prevent hackers gaining access to them.
Speaking about the hack, a Co-op spokesperson commented to The Guardian “We have recently experienced attempts to gain unauthorised access to some of our systems.
“As a result, we have taken proactive steps to keep our systems safe, which has resulted in a small impact to some of our back office and call centre services.
“We are working hard to reduce any disruption to our services and would like to thank our colleagues, members, partners and suppliers for their understanding during this period.”
The cyber attack is the second one hitting a big UK supermarket in recent days, with Marks and Spencer last week announcing an issue with their contactless and online ordering systems. This caused huge disruptions to their systems, forcing them to pause online ordering for most of the week.
How Can Cyberattacks Affect Companies?
Cyberattacks can be huge problems for businesses, especially those that operate across entire regions. IT systems are usually at the centre of all operations and communications, so when they go down, it can be a big problem for a number of reasons including:
Financial losses: Having a system go down means sales might be lost, having big financial implications. For M&S for example, if customers are not able to pay via contactless in store, they may head to competitor supermarkets.
Disruptions to operations: In Co-ops case, part of the system that went down was the company’s stock programmes, meaning shops may not have what they need to keep up sales. Not only this, but systems usually manage everything from finances to supply chain, causing huge disruptions.
Loss of trust: If customers know that a company is vulnerable to cyberattacks, they may not trust them with their data. This can make it difficult to retain customers against competitors.
Fines: In some cases, if companies leave customers’ data vulnerable, they could be fined. This happened with British Airways back in 2020, where they were fined £20m by the UK’s Information Commissioner’s Office (ICO) for a data breach.
So, how can retailers and customers better protect themselves? To find out, we asked the experts…
Our Experts
- Scott Dawson, CEO at DECTA
- Raghu Nandakumara, Head of Industry Solutions at Illumio
- Adam Casey, Director of Cybersecurity & CISO at Qodea
- Vivek Dodd, CEO at Skillcast
- Anastasia Shamgunova, HR Director, Regional Network at Kaspersky
- Spencer Starkey, Executive VP EMEA at SonicWall
- Arda Büyükkaya, Senior Threat Intelligence Analyst at EclecticIQ
- Teresa Lanowitz, Chief Evangelist at LevelBlue
- Javvad Malik, Lead Security Awareness Advocate at KnowBe4
- Jamie Akhtar, CEO and Co-Founder at CyberSmart
- Chris Hauk, Consumer Privacy Advocate at Pixel Privacy
- Paul Bischoff, Consumer Privacy Advocate at Comparitech
For any questions, comments or features, please contact us directly.
Scott Dawson, CEO at DECTA
“The attempted hack on Co-op’s IT systems forced a shutdown of crucial back-office functions and exposed alarming vulnerabilities. Retailers can no longer afford to treat resilience as optional as this becomes more of a trend.”
“This incident, coming on the heels of major breaches at Marks & Spencer and other high-profile targets, highlights how brittle legacy architectures and siloed security practices are, and no match for sophisticated threat actors. Until businesses adopt uniform metrics and invest in fail-safe recovery plans, every transaction—and every customer relationship—remains at risk. When a single intrusion forces entire back-office operations offline, every step from inventory management to customer service teeters on collapse.
“Much like the repeated failures of banking apps, this illustrates a fundamental weakness in the resilience of the systems we rely on most. It’s no longer enough to simply talk about resilience; it’s a crucial element of modern business, especially when dealing with finances. The lack of standardised ways to measure resilience has contributed to it being dismissed as mere rhetoric by some business leaders.”
“It’s time to move beyond rhetoric: businesses must move from reactive patchwork to proactive resilience engineering architected into every layer of IT strategy, or retailers will continue to pay the price. Only then can retailers protect revenue streams, reputations and the trust of the millions who rely on them.”
Raghu Nandakumara, Head of Industry Solutions at Illumio
“The Co-op’s decision to proactively shut down parts of its IT systems following a cyber threat, whilst keeping essential business operations running, is a strong example of an effective containment strategy in action.
“Unlike many organisations, which are forced to halt operations entirely after attacks, the Co-op appears to have protected its most critical services and maintained business continuity. This kind of resilience reflects a shift towards a containment mindset: ensuring that even when under attack, essential services remain operational while the root cause is investigated and resolved.
“Security today is about knowing that breaches are inevitable, but disasters are optional. This realisation is key to maintaining trust and continuity during a cyberattack.”
Adam Casey, Director of Cybersecurity & CISO at Qodea
“Large retailers have intricate IT infrastructures with numerous interconnected systems, resulting in a high number of potential entry points for attackers. At the same time, cybercriminals are leveraging AI to craft convincing phishing emails, develop smarter malware, and automate their operations – making attacks faster, more targeted, and harder to detect.
“Shutting down affected systems is a standard and crucial step in managing a significant cyber incident. Isolating compromised systems limits the attacker’s ability to move laterally within the network and infect other critical infrastructure.
“This move also helps to contain the damage, as shutting down systems can prevent further data encryption, exfiltration, or corruption. Drawing operations to a halt also allows cybersecurity experts to safely analyse the affected systems, identify the root cause, and implement necessary fixes without the risk of further interference.
“The best practice for mitigating cyberattacks like these involves putting robust security controls in place to prevent infiltration from the outset. That means having the right tools – like Endpoint Detection and Response (EDR) and SIEM platforms, ideally backed by User and Entity Behaviour Analytics (UEBA) to spot anything unusual early on.
“Regular and fast patching helps to close known vulnerabilities, while enforcing multi-factor authentication (MFA) for all cloud/critical systems, and remote access adds an extra layer of security.
“Of course, prevention alone isn’t enough – you also need a clear strategy for when the worst does happen. That means enhancing Business Continuity and Disaster Recovery (BC/DR) capabilities. Organisations must have robust, isolated, and regularly tested backup systems that can restore critical data quickly and safely.
“A well-rehearsed Incident Response Plan is also key, ensuring that technical teams, leadership, and communications staff know exactly how to respond in the first critical hours of a cyber event.”
For any questions, comments or features, please contact us directly.
Vivek Dodd, CEO at Skillcast
“In the wake of any cyberattack, especially one that severely disrupts operations, it’s easy to hone in on the technical failings. But the real damage is often to trust, particularly when the attack causes wide-spread public concern. Retailers who lead with transparency, and make the immediate decision to put people first – by issuing a public apology, prioritising customer communication and taking clear action to protect consumer data – are the ones which will fare the best in times of crisis. When systems go offline, empathy can be as powerful as any firewall.
“Today’s retailers operate in a rapidly shifting threat landscape and every-day reliance on interconnected systems, remote workforces and AI-driven tools has expanded the attack surface dramatically. Sophisticated attacks can exploit minor gaps and cause widespread disruption, and even the smallest vulnerability can open the door to large-scale disruption. True cyber resilience isn’t just about having firewalls and backups, it’s about preparing for operational continuity and effective response when defences fail.
“While a total system shutdown can feel extreme, it is sometimes the most responsible course to contain and assess the full extent of the threat. In an ideal world, organisations should already have segmented infrastructure, frequent scenario testing and well-drilled incident response teams in place. However, even with these defences, the pace of cyber threats can leave even the best defences scrambling.
“To move forward, retailers must treat cybersecurity as a cultural priority, not just an IT function. That means ongoing employee training, scenario planning and continuous investment in both technology and people. Recent incidents underline the importance of readiness, but also of humanity in response. A retailer that acknowledges its vulnerability and speedily responds with integrity will often come out stronger, both in operations and in reputation.”
Anastasia Shamgunova, HR Director, Regional Network, at Kaspersky
“With nearly two-thirds of cyber incidents caused by human error, the role of HR teams in creating an environment that enables employees to develop and boost their cyber skills is acute. The cyber attack on Co-op is a stark reminder that even well-established companies remain vulnerable when employee cyber literacy is not prioritised.
“HR teams, together with other relevant departments, should adopt a systematic approach to cyber education, carrying out regular assessments of staff cyber literacy and implementing training to close knowledge gaps. Cybersecurity training must be a continual effort, not a one-off initiative.
“These efforts must extend beyond non-IT staff. Kaspersky research shows that IT and IT security professionals are not immune to causing cyber incidents; in fact, they can be at greater risk than non-technical employees when accidental and deliberate actions are combined. In addressing today’s cybersecurity talent shortage, HR teams are well-placed to support upskilling strategies.
“With 41% of InfoSec professionals reporting understaffed security teams and nearly half of companies taking over six months to fill cyber roles, organisations must look inward. Whether through tailored internal programs or automated awareness platforms like Kaspersky’s ASAP, which has improved the cyber skills of over 2 million employees worldwide, HR can lead the charge in making cyber resilience a cultural norm.”
Spencer Starkey, Executive VP EMEA at SonicWall
“First things first, employees need to know how to protect themselves. Across the board, there must be implementation of strong security policies and procedures, good password hygiene, high-level encryption, as well as single sign-on and access control when it comes to cloud applications.
“From a high-level business perspective, they must look to constantly monitor their network for suspicious activity, using security tools to detect where logins are occurring, on what devices. The sooner they can flag a potential issue, the risk of an attack dramatically lowers. Having a response plan to a cyber attack is of course paramount, and to their credit, more and more businesses have realised this.
“It’s important to have a technology partner that they can use, if need be, for remediation. HR teams must work closely with the IT teams, especially the CISO of the organisation to ensure they have full visibility on who to call if the unthinkable happens.”
For any questions, comments or features, please contact us directly.
Arda Büyükkaya, Senior Threat Intelligence Analyst at EclecticIQ
“The cyberattack affecting the Co-op, which has forced the retailer to shut down parts of its IT system, is a stark reminder of how quickly cyber incidents can escalate and ripple through the sector.
“While possible links to the recent M&S breach are still under investigation, it’s clear that attackers are increasingly opportunistic, exploiting vulnerabilities across interconnected supply chains and systems.
“Although the specific nature of the Co-op attack hasn’t been confirmed, retail sector incidents are frequently tied to ransomware campaigns, DDoS attacks targeting customer-facing services, or supply chain compromises. Initial access is often achieved through phishing campaigns aimed at employees, unpatched public-facing applications, or compromised third-party vendor credentials.
“Retailers must assume they are targets and prepare accordingly—with robust network segmentation, regularly tested offline backups, and rehearsed incident response plans that include clear customer communication. Multi-factor authentication for administrative access, alongside continuous endpoint detection and response capabilities, is essential.
“For consumers, now is a good time to stay alert: monitor financial accounts, update passwords, and watch for phishing attempts leveraging this incident.
“Retail continues to be a prime target due to rich customer data and the high cost of downtime. The Co-op breach should push all retailers to prioritise cyber resilience.”
Teresa Lanowitz, Chief Evagenlist at LevelBlue
“Creating a cyber resilient organisation both protects it from loss and, at the same time, creates an environment that fosters productivity and innovation.
“AI tools promise us unprecedented levels of efficiency, optimised processes, and enhanced automation. But the blazing speed of its evolution – far faster than governance and regulations can keep up – is a reason to be cautious. AI tools are supercharging cyberattacks, allowing threat actors to rapidly identify and weaponize vulnerabilities and automate large scale ransomware and phishing campaigns.
“Effective leaders see cyber resilience as a core business function. They align cyber resilience with business decisions from the top and ensure that it is prioritised across the organisation. An organisation with a cyber resilient culture is a place where everyone, at every level, understands their role in cybersecurity and takes accountability for it – including protecting sensitive data and systems.
“Businesses must invest in cybersecurity measures to get ahead of risks, such as advanced threat detection and response, and exposure and vulnerability management technologies.”
Javvad Malik, Lead Security Awareness Advocate at KnowBe4
“The recent cybersecurity incident at The Co-op, following closely on the heels of a similar event at Marks & Spencer, underscores the growing cybersecurity challenges facing the retail sector. The Co-op’s swift response in restricting access to certain systems demonstrates a commendable prioritisation of cybersecurity.
“This incident highlights the critical role of technology in modern retail operations and its potential vulnerabilities. As retailers increasingly rely on digital systems for everything from inventory management to customer service, they inadvertently expand their attack surface, making them attractive targets for cybercriminals. No single system should be considered to be non business critical. All systems are reliant on one another and when one goes down or is compromised, it can have a knock on effect on others.
“The fact that other major retailers like Morrisons and WH Smith have faced similar challenges points to a broader trend of escalating cyber threats in the sector. This pattern emphasises the need for a more proactive and comprehensive approach to cybersecurity across the retail industry.
“Which is why it’s important that retailers view cybersecurity not only as an IT concern, but as a fundamental part of business. This involves not only investing in technical defences but also fostering a culture of cybersecurity awareness throughout the organisation where everyone plays their role in keeping the organisation secure.”
For any questions, comments or features, please contact us directly.
Jamie Akhtar, CEO and Co-Founder at CyberSmart
“The attack on The Co-op is the latest example of a major retailer being targeted by cybercriminals. Many retailers are increasingly relying on IoT devices to do everything from product pricing to stock takes and, while this undoubtedly delivers some efficiency gains, it also brings risks with it.
“IoT devices are notorious from providing cybercriminals easy routes into wider systems. They often come with rudimentary security as default and many businesses simply don’t realise the importance of updating things like operating systems and firmware regularly, meaning these devices are often riddled with vulnerabilities.
“There’s no suggestion yet, that this is what has happened in this instance. What’s more, The Coop should be applauded for doing everything right in their response to the threat. Nevertheless this is a growing risk for retailers, and it’s partly why we’re seeing so many high-profile attacks.”
Chris Hauk, Consumer Privacy Advocate at Pixel Privacy
“While Co-op calls the incident an “attempted hack,” parts of systems are not usually shut down if a hack was unsuccessful. That said, parts of the systems may have been shut down to apply patches and to allow for hardening of the systems before bringing them back up.’
“Customers of the group’s grocery stores, legal and financial services, and funeral parlours (Wow! They have us covered from cradle to grave), should stay alert for any unusual activities on their accounts, both at the Co-op and other organizations, including their banking and credit card accounts.
“Once we know what, if any, data has been stolen, we’ll better know what steps customers, and possibly employees, can take to protect themselves.”
Paul Bischoff, Consumer Privacy Advocate at Comparitech
“Co-op is trying to downplay this attack by characterizing it as an “attempt” to break into its systems, but if it had to shut down call centres and back office operations, then the attack must have succeeded to some degree.
“I’m sure Co-op is investigating, but it could be weeks or months before we know the full extent of the attack and whether any personal data was compromised.”
For any questions, comments or features, please contact us directly.
