Cyberattacks are a lucrative business

This article is available for reading in Trade magazin 2025/10.

Although the basic form of these actions – such as the use of ransomware – hasn’t really changed, AI has made these attacks much more targeted and personalised, according to Charlotte Wilson, head of corporate sales at Check Point Software.

Unprecedented series of attacks

Recently there has been quite an uproar over the fact that several well-known UK retailers, including Marks & Spencer, Co-op and Harrods, have been targeted by cyberattacks. In the wake of these incidents M&S reported GBP 300m in damages and according to a July statement by Co-op’s CEO, the data of all 6.5 million members (names, addresses, contact details) fell into the wrong hands. A survey published by GlobalData in August reveals that nearly one-fifth of British consumers are considering reducing or completely abandoning their online shopping as a result of these events. In most cases the primary target of attacks is the retailer: the ransomware blocks its systems and demands a ransom for restoring access to the data. However, there may be a second level to the attack, which is aimed at using the data obtained: it can be sold to other criminals who use it in phishing campaigns against customers.

Deceptive messages generated by AI based on customers’ past purchases, loyalty programs, or preferences appear much more realistic

Not the most vulnerable yet, but already an easy-to-find target

In spite of the fact that attacks on retailers get significant media coverage, according to Check Point data, the sector is currently only the fifth most frequently attacked in the UK, with education, public administration and healthcare being much more in the spotlight of hackers. Retail is hit by around 300 attacks per week, which isn’t insignificant, but not an extreme number either. However, because these incidents take place in the public eye, the reputational risk is big. The retail sector is vulnerable to attacks on significantly more fronts than market players in other industries. As the GlobalData data cited above suggests, strengthening digital trust is key, especially for retailers who operate exclusively online and are unable to direct distrustful customers to physical stores. Retailers should strictly monitor third-party access, thereby “closing the gap” in the shield created by suppliers, especially smaller companies, whose cyber security protection isn’t always good. It is also important to work on improving cooperation between security and IT teams, so that they can quickly and effectively address common vulnerabilities (CVE – Common Vulnerabilities and Exposures).

UK government tightens cyber security rules

In accordance with the new regulations, public sector institutions and organisations operating critical infrastructure (hospitals, schools, and local governments) will be prohibited from paying ransoms to attackers. Companies operating in the private sector that pay ransoms will be required to notify the government in advance if they intend to carry out such a transaction. The government is also considering introducing mandatory incident reporting, which would help track threats.