Retail Cyberattacks Highlight Need for Boardroom Approach to Technology Risk Management
In recent weeks, cyberattacks at prominent U.K. retailers have caused significant disruptions in operations, highlighting cyber vulnerabilities in the retail sector. In this article, we identify the common pitfalls in establishing cybersecurity measures and outline a two-step approach to boost resilience.
What Happened?
Widely reported cyberattacks on household retail names this year demonstrate significant gaps in cyber resilience. A well-known national retailer saw hundreds of millions of pounds wiped from its market value following a ransomware attack. Another grocer scrambled to shut down parts of its IT infrastructure, while a luxury department store was forced to limit internet access internally to thwart an attempted attack.
High digital dependency, sprawling IT ecosystems and a growing reliance on third-party services have left retailers open to vulnerabilities, highlighting the need to match expansion efforts and tech innovations with sufficient investment in cyber resilience.
In the past five years, cyberattacks have cost U.K. businesses around £44 billion in lost revenue[1], while the recent incidents have prompted a hike in insurance premiums across the retail sector[2].
To protect themselves, companies must address not just technical gaps, but a mindset that still treats cybersecurity as an IT issue rather than a boardroom one.
The latest string of cyberattacks has exposed weak links beyond the obvious, affecting recruitment, customer service and internal operations. It highlights the fact that digital dependencies are so embedded into the overall system that retailers don’t just sell online anymore, they run online.
That means IT systems and cybersecurity must be treated not as an isolated business function but as core to overall strategy and a fundamental operational pillar.
Identifying the Pitfalls
Companies must take steps to identify both the vulnerabilities before an attack (such as a delay in threat detection) and common challenges in the aftermath of it, which can range from operational disruption to reputational damage.
In the retail sector, the following are typical root causes of cyber issues:
- Outdated systems and a complex application landscape, leading to high exposure to vulnerabilities and difficulty in threat identification
- Poor development practices, exposing code to hackers and criminals with malicious intent
- Cost pressures leading to the simplification or elimination of additional procedural checks
Left unaddressed, these issues can have far-reaching ramifications in the event of a cyberattack:
- First order: With systems unavailable, the inability to fulfil daily sales leads to an immediate loss of revenue and takings.
- Second order: Supply-chain backups can create overstocking cost and inventory risks. When retailers move stock to stores to try to fulfil business in-store, but lack full system support and normal stock data integrity, it can often lead to overstocking. Also, returns can create overtime staffing costs and disgruntled customers waiting on refunds.
- Third order: Ongoing forecast inaccuracy can be driven by stock data inaccuracy generated by the off-system workarounds, affecting future demand fulfilment. Beyond these specific dysfunctions, there is an overall deterioration of customer trust in digital platforms.
A Two-Step Improvement Approach
Based on our extensive experience working closely with companies to increase resilience across business functions, we recommend a two-step approach:
1. Immediate action: Shut windows and doors
- Conduct a thorough assessment to identify exploitable vulnerabilities and determine immediate actions needed to mitigate risks.
- Allocate short-term investments to execute the actions.
2. Strategic planning: Programmatic diagnostic and sustainable investment
- Conduct a comprehensive IT and cyber diagnostic to understand the full scope of exposure.
- Identify risk reduction measures in the mid-term to secure critical information assets and allow time to plan a full modernisation.
- Design and implement a robust IT operating model that supports long-term security, efficiency and scalability.
- Develop a strategic IT and cybersecurity roadmap, aligning initiatives with business goals for sustainable growth.
Conclusion
The recent attacks serve as a stark reminder that cybersecurity is not solely a technical issue but a critical business concern. Proactive measures, strategic investments in IT and cybersecurity and a culture of security awareness are essential to safeguard operations and maintain customer trust.
How A&M can help
A&M’s integrated team of cybersecurity and business technology experts supports boards and executive teams across the full resilience lifecycle:
Immediate Response & Containment: We assist in conducting rapid assessments to identify active threats, contain breaches and implement urgent fixes, minimising disruption and safeguarding critical operations.
Cyber & IT Diagnostic: We deliver a holistic view of your IT and cyber posture, uncovering legacy risks, technical debt and exposure across infrastructure, applications and development practices.
Risk Reduction Measures: Our combined team will design pragmatic mid-term corrective actions to allow the organisation to reduce risk exposure whilst minimising business changes.
Modernisation Planning: We provide longer term support of internal teams to design risk-aligned roadmaps to modernise IT environments, strengthen cyber controls and prioritise investments that enable resilience and scalability.
Operating Model & Governance: We help establish sustainable IT and cyber operating models, integrated with risk management and tailored to business priorities to ensure long-term value and preparedness.
From incident response to strategic transformation, we bring a business-first mindset to technology resilience.

Footnotes
[2] https://www.ft.com/content/190803d9-e646-4a58-8cd2-9a627cf40bb1