Yesterday, UK supermarket group Co-op announced that cyber hackers were trying to break into its computer systems.
This prompted the retailer to shut down parts of its IT systems to prevent hackers gaining access to them.
Speaking about the hack, a Co-op spokesperson commented to The Guardian 鈥淲e have recently experienced attempts to gain unauthorised access to some of our systems.
鈥淎s a result, we have taken proactive steps to keep our systems safe, which has resulted in a small impact to some of our back office and call centre services.
鈥淲e are working hard to reduce any disruption to our services and would like to thank our colleagues, members, partners and suppliers for their understanding during this period.鈥
The cyber attack is the second one hitting a big UK supermarket in recent days, with Marks and Spencer last week announcing an issue with their contactless and online ordering systems. This caused huge disruptions to their systems, forcing them to pause online ordering for most of the week.
听
How Can Cyberattacks Affect Companies?
听
Cyberattacks can be huge problems for businesses, especially those that operate across entire regions. IT systems are usually at the centre of all operations and communications, so when they go down, it can be a big problem for a number of reasons including:
Financial losses:听Having a system go down means sales might be lost, having big financial implications. For M&S for example, if customers are not able to pay via contactless in store, they may head to competitor supermarkets.
Disruptions to operations:听In Co-ops case, part of the system that went down was the company鈥檚 stock programmes, meaning shops may not have what they need to keep up sales. Not only this, but systems usually manage everything from finances to supply chain, causing huge disruptions.
Loss of trust:听If customers know that a company is vulnerable to cyberattacks, they may not trust them with their data. This can make it difficult to retain customers against competitors.
Fines:听In some cases, if companies leave customers鈥 data vulnerable, they could be fined. This happened with British Airways back in 2020, where they were fined 拢20m by the UK鈥檚 Information Commissioner鈥檚 Office (ICO) for a data breach.
So, how can retailers and customers better protect themselves? To find out, we asked the experts鈥
听
Our Experts
- Scott Dawson, CEO at DECTA
- Raghu Nandakumara, Head of Industry Solutions at Illumio
- Adam Casey, Director of Cybersecurity & CISO at Qodea
- Vivek Dodd, CEO at Skillcast
- Anastasia Shamgunova, HR Director, Regional Network at Kaspersky
- Spencer Starkey, Executive VP EMEA at SonicWall
- Arda B眉y眉kkaya, Senior Threat Intelligence Analyst at EclecticIQ
- Teresa Lanowitz, Chief Evangelist at LevelBlue
- Javvad Malik, Lead Security Awareness Advocate at KnowBe4
- Jamie Akhtar, CEO and Co-Founder at CyberSmart
- Chris Hauk, Consumer Privacy Advocate at Pixel Privacy
- Paul Bischoff, Consumer Privacy Advocate at Comparitech
听
For any questions, comments or features,听please contact us directly.
听
听
Scott Dawson, CEO at DECTA
听
听
鈥淭he attempted hack on听Co-op鈥檚 IT systems forced a shutdown of crucial back-office functions and exposed alarming vulnerabilities. Retailers can no longer afford to treat resilience as optional as this becomes more of a trend.鈥
鈥淭his incident, coming on the heels of major breaches at Marks & Spencer and other high-profile targets, highlights how brittle legacy architectures and siloed security practices are, and no match for sophisticated threat actors. Until businesses adopt uniform metrics and invest in fail-safe recovery plans, every transaction鈥攁nd every customer relationship鈥攔emains at risk. When a single intrusion forces entire back-office operations offline, every step from inventory management to customer service teeters on collapse.
鈥淢uch like the repeated failures of banking apps, this illustrates a fundamental weakness in the resilience of the systems we rely on most. It鈥檚 no longer enough to simply talk about resilience; it鈥檚 a crucial element of modern business, especially when dealing with finances. The lack of standardised ways to measure resilience has contributed to it being dismissed as mere rhetoric by some business leaders.鈥
鈥淚t鈥檚 time to move beyond rhetoric: businesses must move from reactive patchwork to proactive resilience engineering architected into every layer of IT strategy, or retailers will continue to pay the price. Only then can retailers protect revenue streams, reputations and the trust of the millions who rely on them.鈥
听
Raghu Nandakumara, Head of Industry Solutions at Illumio
听
听
鈥淭he听Co-op鈥檚 decision to proactively shut down parts of its IT systems following a cyber threat, whilst keeping essential business operations running, is a strong example of an effective containment strategy in action.
鈥淯nlike many organisations, which are forced to halt operations entirely after attacks, the Co-op appears to have protected its most critical services and maintained business continuity. This kind of resilience reflects a shift towards a containment mindset: ensuring that even when under attack, essential services remain operational while the root cause is investigated and resolved.
鈥淪ecurity today is about knowing that breaches are inevitable, but disasters are optional. This realisation is key to maintaining trust and continuity during a cyberattack.鈥
听
Adam Casey, Director of Cybersecurity & CISO at Qodea
听
听
鈥淟arge retailers have intricate IT infrastructures with numerous interconnected systems, resulting in a high number of potential entry points for attackers. At the same time, cybercriminals are leveraging AI to craft convincing phishing emails, develop smarter malware, and automate their operations 鈥 making attacks faster, more targeted, and harder to detect.
鈥淪hutting down affected systems is a standard and crucial step in managing a significant cyber incident. Isolating compromised systems limits the attacker鈥檚 ability to move laterally within the network and infect other critical infrastructure.
鈥淭his move also helps to contain the damage, as shutting down systems can prevent further data encryption, exfiltration, or corruption. Drawing operations to a halt also allows cybersecurity experts to safely analyse the affected systems, identify the root cause, and implement necessary fixes without the risk of further interference.
鈥淭he best practice for mitigating cyberattacks like these involves putting robust security controls in place to prevent infiltration from the outset. That means having the right tools 鈥 like Endpoint Detection and Response (EDR) and SIEM platforms, ideally backed by User and Entity Behaviour Analytics (UEBA) to spot anything unusual early on.
鈥淩egular and fast patching helps to close known vulnerabilities, while enforcing multi-factor authentication (MFA) for all cloud/critical systems, and remote access adds an extra layer of security.
鈥淥f course, prevention alone isn鈥檛 enough 鈥 you also need a clear strategy for when the worst does happen. That means enhancing Business Continuity and Disaster Recovery (BC/DR) capabilities. Organisations must have robust, isolated, and regularly tested backup systems that can restore critical data quickly and safely.
鈥淎 well-rehearsed Incident Response Plan is also key, ensuring that technical teams, leadership, and communications staff know exactly how to respond in the first critical hours of a cyber event.鈥
听
For any questions, comments or features,听please contact us directly.
听
听
Vivek Dodd, CEO at Skillcast
听
听
鈥淚n the wake of any cyberattack, especially one that severely disrupts operations, it鈥檚 easy to hone in on the technical failings. But the real damage is often to trust, particularly when the attack causes wide-spread public concern. Retailers who lead with transparency, and make the immediate decision to put people first 鈥 by issuing a public apology, prioritising customer communication and taking clear action to protect consumer data 鈥 are the ones which will fare the best in times of crisis. When systems go offline, empathy can be as powerful as any firewall.
鈥淭oday鈥檚 retailers operate in a rapidly shifting threat landscape and every-day reliance on interconnected systems, remote workforces and AI-driven tools has expanded the attack surface dramatically. Sophisticated attacks can exploit minor gaps and cause widespread disruption, and even the smallest vulnerability can open the door to large-scale disruption. True cyber resilience isn鈥檛 just about having firewalls and backups, it鈥檚 about preparing for operational continuity and effective response when defences fail.
鈥淲hile a total system shutdown can feel extreme, it is sometimes the most responsible course to contain and assess the full extent of the threat. In an ideal world, organisations should already have segmented infrastructure, frequent scenario testing and well-drilled incident response teams in place. However, even with these defences, the pace of cyber threats can leave even the best defences scrambling.
鈥淭o move forward, retailers must treat cybersecurity as a cultural priority, not just an IT function. That means ongoing听employee training, scenario planning and continuous investment in both technology and people. Recent incidents underline the importance of readiness, but also of humanity in response. A retailer that acknowledges its vulnerability and speedily responds with integrity will often come out stronger, both in operations and in reputation.鈥
听
Anastasia Shamgunova, HR Director, Regional Network, at Kaspersky
听
听
鈥淲ith nearly two-thirds of cyber incidents caused by human error, the role of HR teams in creating an environment that enables employees to develop and boost their cyber skills is acute. The cyber attack on Co-op is a stark reminder that even well-established companies remain vulnerable when employee cyber literacy is not prioritised.
鈥淗R teams, together with other relevant departments, should adopt a systematic approach to cyber education, carrying out regular assessments of staff cyber literacy and implementing training to close knowledge gaps. Cybersecurity training must be a continual effort, not a one-off initiative.
鈥淭hese efforts must extend beyond non-IT staff. Kaspersky research shows that IT and IT security professionals are not immune to causing cyber incidents; in fact, they can be at greater risk than non-technical employees when accidental and deliberate actions are combined. In addressing today鈥檚 cybersecurity talent shortage, HR teams are well-placed to support upskilling strategies.
鈥淲ith 41% of InfoSec professionals reporting understaffed security teams and nearly half of companies taking over six months to fill cyber roles, organisations must look inward. Whether through tailored internal programs or automated awareness platforms like Kaspersky鈥檚 ASAP, which has improved the cyber skills of over 2 million employees worldwide, HR can lead the charge in making cyber resilience a cultural norm.鈥
听
Spencer Starkey, Executive VP EMEA at SonicWall
听
听
鈥淔irst things first, employees need to know how to protect themselves. Across the board, there must be implementation of strong security policies and procedures, good password hygiene, high-level encryption, as well as single sign-on and access control when it comes to cloud applications.
鈥淔rom a high-level business perspective, they must look to constantly monitor their network for suspicious activity, using security tools to detect where logins are occurring, on what devices. The sooner they can flag a potential issue, the risk of an attack dramatically lowers. Having a response plan to a cyber attack is of course paramount, and to their credit, more and more businesses have realised this.
鈥淚t鈥檚 important to have a technology partner that they can use, if need be, for remediation. HR teams must work closely with the IT teams, especially the CISO of the organisation to ensure they have full visibility on who to call if the unthinkable happens.鈥
听
For any questions, comments or features,听please contact us directly.
听
听
Arda B眉y眉kkaya, Senior Threat Intelligence Analyst at EclecticIQ
听
听
鈥淭he cyberattack affecting the听Co-op, which has forced the retailer to shut down parts of its IT system, is a stark reminder of how quickly cyber incidents can escalate and ripple through the sector.
鈥淲hile possible links to the recent M&S breach are still under investigation, it鈥檚 clear that attackers are increasingly opportunistic, exploiting vulnerabilities across interconnected supply chains and systems.
鈥淎lthough the specific nature of the听Co-op听attack hasn鈥檛 been confirmed, retail sector incidents are frequently tied to ransomware campaigns, DDoS attacks targeting customer-facing services, or supply chain compromises. Initial access is often achieved through phishing campaigns aimed at employees, unpatched public-facing applications, or compromised third-party vendor credentials.
鈥淩etailers must assume they are targets and prepare accordingly鈥攚ith robust network segmentation, regularly tested offline backups, and rehearsed incident response plans that include clear customer communication. Multi-factor authentication for administrative access, alongside continuous endpoint detection and response capabilities, is essential.
鈥淔or consumers, now is a good time to stay alert: monitor financial accounts, update passwords, and watch for phishing attempts leveraging this incident.
鈥淩etail continues to be a prime target due to rich customer data and the high cost of downtime. The听Co-op听breach should push all retailers to prioritise cyber resilience.鈥
听
听Teresa Lanowitz, Chief Evagenlist at LevelBlue
听
听
鈥淐reating a cyber resilient organisation both protects it from loss and, at the same time, creates an environment that fosters productivity and innovation.
鈥淎I tools promise us unprecedented levels of efficiency, optimised processes, and enhanced automation. But the blazing speed of its evolution 鈥 far faster than governance and regulations can keep up 鈥 is a reason to be cautious. AI tools are supercharging cyberattacks, allowing threat actors to rapidly identify and weaponize vulnerabilities and automate large scale ransomware and phishing campaigns.
鈥淓ffective leaders see cyber resilience as a core business function. They align cyber resilience with business decisions from the top and ensure that it is prioritised across the organisation. An organisation with a cyber resilient culture is a place where everyone, at every level, understands their role in cybersecurity and takes accountability for it 鈥 including protecting sensitive data and systems.
鈥淏usinesses must invest in cybersecurity measures to get ahead of risks, such as advanced threat detection and response, and exposure and vulnerability management technologies.鈥
听
Javvad Malik, Lead Security Awareness Advocate at KnowBe4
听
听
鈥淭he recent cybersecurity incident at The Co-op, following closely on the heels of a similar event at Marks & Spencer, underscores the growing cybersecurity challenges facing the retail sector. The Co-op鈥檚 swift response in restricting access to certain systems demonstrates a commendable prioritisation of cybersecurity.
鈥淭his incident highlights the critical role of technology in modern retail operations and its potential vulnerabilities. As retailers increasingly rely on digital systems for everything from inventory management to customer service, they inadvertently expand their attack surface, making them attractive targets for cybercriminals. No single system should be considered to be non business critical. All systems are reliant on one another and when one goes down or is compromised, it can have a knock on effect on others.
鈥淭he fact that other major retailers like Morrisons and WH Smith have faced similar challenges points to a broader trend of escalating cyber threats in the sector. This pattern emphasises the need for a more proactive and comprehensive approach to cybersecurity across the retail industry.
鈥淲hich is why it鈥檚 important that retailers view cybersecurity not only as an IT concern, but as a fundamental part of business. This involves not only investing in technical defences but also fostering a culture of cybersecurity awareness throughout the organisation where everyone plays their role in keeping the organisation secure.鈥
听
For any questions, comments or features,听please contact us directly.
听
听
Jamie Akhtar, CEO and Co-Founder at CyberSmart
听
听
鈥淭he attack on The Co-op is the latest example of a major retailer being targeted by cybercriminals. Many retailers are increasingly relying on IoT devices to do everything from product pricing to stock takes and, while this undoubtedly delivers some efficiency gains, it also brings risks with it.
鈥淚oT devices are notorious from providing cybercriminals easy routes into wider systems. They often come with rudimentary security as default and many businesses simply don鈥檛 realise the importance of updating things like operating systems and firmware regularly, meaning these devices are often riddled with vulnerabilities.
鈥淭here鈥檚 no suggestion yet, that this is what has happened in this instance. What鈥檚 more, The Coop should be applauded for doing everything right in their response to the threat. Nevertheless this is a growing risk for retailers, and it鈥檚 partly why we鈥檙e seeing so many high-profile attacks.鈥
听
Chris Hauk, Consumer Privacy Advocate at Pixel Privacy
听
听
鈥淲hile Co-op calls the incident an 鈥渁ttempted hack,鈥 parts of systems are not usually shut down if a hack was unsuccessful. That said, parts of the systems may have been shut down to apply patches and to allow for hardening of the systems before bringing them back up.鈥
鈥淐ustomers of the group鈥檚 grocery stores, legal and financial services, and funeral parlours (Wow! They have us covered from cradle to grave), should stay alert for any unusual activities on their accounts, both at the Co-op and other organizations, including their banking and credit card accounts.
鈥淥nce we know what, if any, data has been stolen, we鈥檒l better know what steps customers, and possibly employees, can take to protect themselves.鈥
听
Paul Bischoff, Consumer Privacy Advocate at Comparitech
听
听
鈥淐o-op is trying to downplay this attack by characterizing it as an 鈥渁ttempt鈥 to break into its systems, but if it had to shut down call centres and back office operations, then the attack must have succeeded to some degree.
鈥淚鈥檓 sure Co-op is investigating, but it could be weeks or months before we know the full extent of the attack and whether any personal data was compromised.鈥
听
For any questions, comments or features,听please contact us directly.
听
