The Price of Insecurity: Cyber Attacks Disrupting Retail Giants
Why Cybersecurity is No Longer Optional for Retailers Facing Increasing Digital Threats
Dear Reader,
Three very different retailers—Harrods, Co-op, and Marks & Spencer—all recently found themselves with one thing in common: they were victims of cyber attacks. These incidents are part of a broader trend that’s increasingly shaping boardroom agendas and investor risk models.
In an upcoming article on JD Sports, we explore how the company, having previously suffered its own cyber breaches, responded by identifying “digital security” as one of its four strategic pillars in its 2023 strategy update—a clear acknowledgment of how critical robust cybersecurity has become to business continuity and brand trust.
Today, it’s no longer optional for businesses to underinvest in cyber resilience. The reputational and financial damage can be profound. M&S, for instance, has seen around £700 million wiped off its market value since the news of its breach. In the article, we’ll take a closer look at the attacks on Harrods, Co-op, and M&S, as well as other high-profile incidents—exploring both the operational disruption and the wider cost to shareholder value.
Who are Scattered Spider?
Scattered Spider is a highly active and sophisticated cybercriminal group known for targeting large Western corporations, especially in the United States and UK. Believed to be part of the broader "UNC3944" or "0ktapus" collective, Scattered Spider has gained notoriety for using social engineering, SIM swapping, and phishing techniques to gain access to corporate networks—often impersonating IT staff or employees to trick victims into handing over credentials.
Modus Operandi, Rather than relying solely on malware or ransomware, Scattered Spider excels at human manipulation—convincing help desks or employees to reset passwords or provide access. Once inside, they often deploy tools like remote desktop software or even partner with ransomware groups like ALPHV/BlackCat to extort victims.
Their most infamous attacks include the simultaneous hacks of MGM Resorts and Caesars Entertainment in 2023, where they used sophisticated social engineering to bypass security and disrupt casino operations. Caesars reportedly paid a $15 million ransom to restore its systems, while MGM suffered significant operational outages, including disabled ATMs and room keys.
M&S
Marks & Spencer (M&S) has faced a significant cyberattack, resulting in major operational disruption and a sharp impact on its financials and share price. Since the incident was revealed, M&S’s market value has dropped by over £700 million, with shares falling more than 9%-from 404p to around 374p-between April 22 and May 2, 2025.
The retailer’s online operations, which typically generate about £3.8 million per day, have been halted for over a week, compounding losses and affecting customer sentiment. Analysts estimate the direct hit to profits is already around £30 million, with an ongoing cost of approximately £15 million per week as long as the disruption continues.
Co-op
The Co-op suffered a recent cyberattack, attributed to the Scattered Spider group, exposed personal data of a significant number of its 20 million members, despite the company’s initial claims of minimal operational impact and no customer data compromise. The breach forced Co-op to shut down parts of its IT systems, affecting some back-office and call centre operations, but all stores remained open.
Harrods
Harrods also suffered a cyberattack in early May, with hackers attempting to breach its systems as part of a wave of retail sector incidents. The attack led to temporary restrictions on internet access and in-store payment disruptions
Major Cyber attacks in recent years
Virgin Media (2020): A misconfigured database left the personal details of 900,000 customers exposed online for nearly ten months. The breach, though not the result of a hack, led to a class-action lawsuit valued at nearly £4.5 billion, underscoring the reputational and financial risks tied to data mismanagement—even in the absence of malicious actors.
Travelex (2020): The foreign exchange firm fell victim to a major ransomware attack that crippled its operations across 30 countries for over four months. The company reportedly paid a £2 million ransom, but the disruption led to a £25 million hit in revenue the following quarter. Already financially strained, Travelex entered administration shortly thereafter and underwent a significant restructuring.
Interserve (2020): The former FTSE-listed construction and outsourcing group suffered a breach that compromised the personal data of 113,000 current and former employees. Attackers disabled antivirus systems and exfiltrated sensitive data, resulting in a £4.4 million fine from the Information Commissioner’s Office (ICO). The incident further destabilised the company, which eventually collapsed into administration and was later sold.
What businesiess need to do and good examples of some leading the way
To protect themselves against the growing threat of cyber attacks, businesses must shift from reactive to proactive cybersecurity strategies. This means treating cyber risk not just as an IT concern but as a core board-level issue. Key measures include regular penetration testing, zero-trust architecture, employee phishing simulations, and securing third-party vendor access—often the weakest link.
Some companies are setting the standard. Lloyds Banking Group, for example, has invested heavily in its in-house cybersecurity team and AI-driven fraud detection systems, enabling it to catch anomalies in real-time. Darktrace, while a cybersecurity firm itself, provides a model of self-defence by using machine learning to autonomously respond to threats before human teams can act. Meanwhile, Tesco has implemented an end-to-end digital risk framework that includes real-time monitoring and comprehensive training across all levels of staff—proving that even in low-margin, high-volume sectors like retail, security can be scaled effectively.
In Conclusion,
This is a particularly challenging moment for Marks & Spencer and serves as a stark reminder of how critical cybersecurity has become for modern retailers. It’s inevitable that analysts will be scrutinising the numbers and pricing the cyber attack into the share price. The formula is simple: the longer the disruption continues, the greater the impact on both operations and market confidence—and the more pressure on the stock.
What’s frustrating is that some companies may try to bury the true cost of these incidents within the balance sheet or downplay the extent of the damage. But the reality is, we live in an increasingly digital economy—where money, transactions, and even trust are just a few clicks away. From ordering a wardrobe to managing entire supply chains online, digital infrastructure is now the backbone of business. Companies must reflect that reality in their budgets and boardroom decisions by significantly increasing investment in cybersecurity. Anything less is a risk not just to operations, but to shareholder value.
If you liked this post, check out my most recent article on:
More Reading:
https://news.sky.com/story/who-are-scattered-spider-the-infamous-young-hacking-group-linked-to-mands-cyber-attack-13358559
https://www.telegraph.co.uk/news/2025/05/03/how-hackers-wreaked-havoc-on-the-high-street/
https://inszoneinsurance.com/blog/cyberattack-mgm-resort-explained
The information provided in this article is for informational purposes only and represents my personal opinions and analysis. It should not be construed as financial advice or a recommendation to buy or sell any securities. Investing in the stock market carries risks, and past performance is not necessarily indicative of future results. Readers are strongly encouraged to carry out their own research and seek advice from a qualified financial advisor before making any investment decisions. I do not accept any responsibility for any financial losses or consequences that may arise from reliance on the information presented in this article.