
The UK’s cyber resilience has been thrown into question, with 2025 already a year of multiple major cyber attacks.
According to the UK government, more than four in ten businesses and three in ten charities have reported having cyber security breaches in the last 12 months. Among them, big brands such as M&S, Co-op, and Harrods have been forced to halt online operations to deal with cyber crime.
It has felt to many as though these British brands have toppled like dominoes, one after another, in just a matter of weeks.
But how have these landmark British brands been taken down by hackers? What does it mean for the UK’s cyber resilience? Is cyber crime on the rise? And what can businesses do to protect themselves?
M&S
The first to be hit was retailer Marks & Spencer over Easter weekend. The group was forced to stop taking online orders.
Stores also struggled to remain stocked, and concerns had been raised about digital monitoring systems.
The chaos began with click-and-collect order problems and issues with contactless payments, but soon spiralled across the business, affecting online groceries and stores.
The cyber attack was linked to a hacking collective, known as Scattered Spider.
Analysts at Deutsche Bank estimated that the attack cost M&S around £30 million and will continue to hit the retailer by £15 million a week. Some of that cost will be covered by insurance, but the longer the problems persist, the more costly it will be for the retail giant.
M&S’ misery only worsened when it was revealed that customer data had also been compromised during the attack. It has since been revealed that the hackers were able to gain entry through a third party who had access to systems.
Customers can, however, rest assured that card information was not leaked during the data breach. The same cannot be said for other customer data, such as names, phone numbers, email addresses, and order histories, some of which is believed to have been stolen during the attack.
Online customers are now being prompted to change passwords upon re-accessing their accounts. The retailer is set to share its annual financial results on Wednesday, which should show the extent of the damage.
Daniel Todaro, CEO of retail marketing agency Gekko Group, said: “I believe the damage to the M&S brand will be negligible, as modern consumers are more sympathetic, that is unless it transpires that this is not merely an access issue to process online orders, but in fact a wider data incident that has exposed M&S shoppers.
“M&S are doing the right thing to keep it real, drip feeding information to avoid those who are at the cause to ascertain the level of damage or measures being implemented to fix the issues. Malicious hackers will revel in understanding the true extent of the damage and look to thwart the efforts being made to rectify the issue.
“The promising sign is that M&S are in control of the situation, and whilst the share price may have been impacted, the business and its share price will hopefully bounce back after this event. This could also possibly be to the benefit of loyal customers, who I'm sure will be incentivised to return and shop in their droves, both online and in-store, by way of compensation for the inconvenience caused.”
Co-op
Marks was not the only retailer to be hacked, as it turns out. Co-op was the second British retail giant to be infiltrated by cyber criminals.
Initially, Co-op said it had taken “proactive measures” to fend off hackers and assured the public that customer data had not been compromised. Those proactive measures included shutting off parts of its IT systems, impacting stores nationwide.
A spokesperson for Co-op later said that the hackers “accessed data relating to a significant number of our current and past members.”
The criminals, who go by the name of DragonForce, also claimed to be responsible for other attacks on M&S and Harrods, and said they had the private information of 20 million people.
DragonForce apparently were trying to extort the company for money. The ransomware group operates a cybercrime service so that anyone can use its software to carry out attacks.
Co-op has now said its stores are receiving regular deliveries and its operations are nearly back on track.
Harrods
Luxury retailer Harrods was also targeted by a cyber attack on May 1.
Harrods restricted internet access to the store’s sites and told The Standard: “We recently experienced attempts to gain unauthorised access to some of our systems.
“Our seasoned IT security team immediately took proactive steps to keep systems safe and as a result we have restricted internet access at our sites today.”
Its stores, including the flagship store in Knightsbridge, H Beauty stores, and airport stores remained open.
Legal Aid
Most recently, the Legal Aid Agency announced that it fell victim to cyber attacks in April.
The Ministry of Justice confirmed that the personal data of hundreds of thousands of legal aid applicants in England and Wales going back to 2010 has been accessed and downloaded.
Data accessed includes addresses, contact details, national ID numbers, criminal history, and financial data.
The hackers behind the attack are claiming to have accessed 2.1 million pieces of data, though this figure has not yet been verified.
A source at the Ministry of Justice put the breach down to the “neglect and mismanagement” of the previous government, who allegedly knew about the vulnerabilities of the current Legal Aid system but did not act.
Members of the public are being urged to remain vigilant and take the time to safeguard themselves.
Jane Harbottle, Legal Aid Agency Chief Executive, said: “I understand this news will be shocking and upsetting for people and I am extremely sorry this has happened.
“Since the discovery of the attack, my team has been working around the clock with the National Cyber Security Centre to bolster the security of our systems so we can safely continue the vital work of the agency.
“However, it has become clear that, to safeguard the service and its users, we need to take radical action. That is why we’ve taken the decision to take the online service down.”
The closure of the Legal Aid website has raised concerns that small businesses will be prevented from accessing an important public service.
Dior
Outside of the UK, companies have not been exempt from cyber attacks. French fashion house Dior was another high-profile retail firm to be hit.
The company confirmed that customer data had been breached, with a message posted on the firm’s South Korean website. Customers in China were also notified of the incident.
In a statement, Dior said no financial data was impacted and it was in the process of informing customers where necessary.
“The House of Dior recently discovered that an unauthorised external party accessed some of the customer data we hold,” Dior said.
“We immediately took steps to contain this incident. The teams at Dior, supported by leading cybersecurity experts, continue to investigate and respond to the incident. We are notifying all the relevant regulatory authorities.”
The company did not confirm which regions had been affected.
Why are retailers being targeted?
It’s worth asking why cyber criminals are targeting retailers. Jonathan Lee, director of cyber strategy at Trend Micro, said: “Cyber-attacks targeting some of the UK’s best-known retail brands, such as M&S, Co-Op, and Harrods, are a wake-up call. Retailers are an attractive target for hackers and uniquely exposed to a high level of cyber risk.
“They’re targeted because of the large amounts of valuable personally identifiable data (PII) they process and the integral nature of business uptime that makes ransomware and extortion attacks particularly disruptive. The industry’s heightened cyber risk level lies in operations spanning multiple sites, each with their own IT solution, extensive third-party supply chain dependencies, high staff turnover and a reliance on legacy systems.”
Are cyber attacks on the rise?
Businesses and brands alike will no doubt be looking to bolster their cyber security and cyber hygiene in light of these four very prominent attacks.
However, Tom Draper, managing director of Coalition UK, an active insurance provider specialising in digital risk, said that it is small businesses that are more likely to be impacted.
He said: “While the overall volume of cyber and ransomware attacks has remained relatively steady, the recent focus on large, household names has brought the issue into the national spotlight. When the public sees empty shelves or disrupted services, the effects of what is usually a behind-the-scenes digital event become much more tangible.
“However, this visibility masks a deeper concern. Coalition Research team found that of the 133 UK companies publicly listed by ransomware groups in 2025, three in four had fewer than 200 employees. In fact, more businesses with fewer than 10 employees have been impacted than those with over 10,000. While major retailers like M&S and Co-op have the resources – and often the cyber insurance – to weather such incidents, most SMEs lack both the financial resilience and the protection to recover quickly. Cyber risk is no longer just an IT issue, it's a fundamental business continuity threat that smaller and medium size firms must urgently prioritise.”
How dangerous are cyber attacks?
Data breaches can sound scary. However, Adam Blake, founder and CEO at ThreatSpike, said: “The data itself is not actually that valuable to anyone. The retailers and threat group both know this, and in the case of M&S, there’s no actual indication the data has been shared yet with anyone.
“A lot of experts who are talking about the M&S breach, for example, are trying to tailor their talking points to a wider audience, arguing that the breach will lead to targeted phishing attacks against consumers. It just doesn’t happen, and it’s frustrating to see that kind of knee-jerk reaction when it’s not based on empirical evidence.
“So what are these retail hacks really about? The power of optics. The main damage, especially in M&S’ case, was to business continuity, wiping out their ability to take orders, and incurring massive reputational damage. Most companies hope to get their systems back up in 5-10 days, but the disruption in this case has persisted for weeks. The subsequent fallout will be severe. People will ask questions: Why was everything so reliant on on-prem IT? Why was there no business continuity? How did they pass their compliance audits?”
What should businesses do to combat cyber-attacks?
Lee said that retailers should look to update point-of-sale terminals and consider segmenting them from other parts of the network to limit a hacker’s ability to move around the network if they manage to break in.
Multi-factor authentication is also a good idea for all businesses to limit the risk of stolen user credentials as a key to unlocking the network. Training can also help staff to spot scam messages, which is increasingly important given the rise of deepfake and AI-powered tactics, said Lee.
Barry O Driscoll, partner at Perkins Coie, said that training staff is particularly pertinent given that the attackers used social engineering to manipulate IT help desk staff in the case of M&S. This method is responsible for more than 70 percent of breaches. He added that securing infrastructure is important, but so is training your staff to identify social risk factors.