The April 2025 cyberattacks on Marks & Spencer, Harrods, and Co-op weren’t isolated incidents. They were a warning shot – revealing just how vulnerable retailers have become in a hyper-connected, high-volume, and digitally dependent industry.  

What makes these businesses so attractive to cybercriminals? And more importantly, what went wrong – and how can it be prevented?

A Perfect Storm of Risk

Retailers have dramatically expanded their digital operations in recent years. From e-commerce and mobile apps to in-store IoT devices and third-party logistics platforms, the average retail business now juggles dozens of interconnected systems. Each one is a potential entry point for attackers.