When Marks & Spencer’s online services went dark last week, it wasn’t just a technical hiccup. The high street giant had been hit by what’s euphemistically called a “cyber incident”—but in practical terms, it meant click-and-collect services halted, shelves going bare, and customer frustration rising. At the same time, the Co-op was forced to shut down part of its IT infrastructure. Behind both events? Likely ransomware attacks.

As the National Cyber Security Centre urged vigilance across the sector, one question echoed through boardrooms and broadcast studios alike: Why are retailers increasingly being targeted?


Retail: The Perfect Target

Sir Charlie Mayfield, former chairman of John Lewis, told the BBC’s Today Programme that these attacks are not rare at all.

“These attacks are happening a lot more than people think,” he noted. “Most don’t get anything like the coverage that a household name like M&S gets.”

Retail businesses offer a near-perfect storm for cybercriminals. They’re rich in personal data, rely on fast-moving digital supply chains, and depend on just-in-time logistics and fulfilment. In short, they can’t afford downtime—and attackers know it.

“[Hackers] go after organisations that they can cause disruption to,” Mayfield said. “Organisations that… they hope, will try and take steps to sort of remediate the action. It’s as simple as that. They’re after disruption and they’re after data with which they can effectively blackmail organisations into paying.”


The Economics of Disruption

Unlike a traditional robbery, ransomware doesn’t need to steal physical goods. It simply has to interrupt the flow of commerce long enough to make the target panic. With systems encrypted, files inaccessible, and online platforms down, many organisations face a chilling choice: rebuild from scratch (which takes time and money) or pay up (often in cryptocurrency) and hope for the best.

And it’s not just about IT. Mayfield explained that operational fallout is immense:

“It’s going to affect sales… and it’ll also be affecting the operations of the business in terms of the cost they’re incurring to fix it. The team at M&S will be working around the clock to resolve this.”

Retail is built on reputation and convenience, both of which crumble quickly in the face of digital paralysis. This vulnerability is exactly what makes retailers lucrative targets. At Cyber Tzar, we regularly help retailers assess these weak points before attackers do, especially where brand, fulfilment, and supplier systems intersect.


Click and Collect: A Double-Edged Sword

Online shopping has transformed retail, but it’s also opened up new attack surfaces. Services like click-and-collect, e-receipts, loyalty programmes, and mobile payments all require interconnected systems and constant uptime.

“Technology has completely changed business models… And as technology becomes more pervasive, the risk of this kind of attack rises with it,” Mayfield observed.

Each service added for customer convenience also increases the cyber attack surface. It’s why businesses working with Cyber Tzar often prioritise mapping interconnected risk, scoring exposure, and stress-testing fulfilment platforms—particularly in edge environments like stores, kiosks, and mobile points of sale.


Cyber Resilience Is a Moving Target

There’s a lesson here for every boardroom, not just those in retail.

“You can’t ever be fully resilient,” Mayfield concluded. “What you have to be is constantly improving your resilience.”

Investment in cybersecurity isn’t optional anymore—it’s part of the cost of doing business. But more than technology, it requires mindset: recognising that resilience is a process, not a fixed state. A score today means little if you’re blind to tomorrow’s risks. That’s why real-time visibility, like the kind Cyber Tzar provides, is becoming a strategic differentiator.


The Bottom Line

The rise in ransomware attacks against retailers like M&S and Co-op isn’t accidental—it’s strategic. Criminal actors are targeting sectors with high disruption potential, rich data, and limited tolerance for downtime. In other words: retail.

And unless investment in cyber resilience becomes as routine as stock replenishment or staff training, this won’t be the last time the tills fall silent.

Cyber Tzar helps retailers identify vulnerabilities before criminals do—quantifying risk, monitoring suppliers, and turning resilience into a measurable business asset.
If you’re ready to move from reactive to resilient, we’re ready to help.

Find out more: www.cybertzar.com
