What the M&S and Co-op Cyberattacks Teach Us About Business Security
Recent high-profile cyberattacks targeting Marks & Spencer and Co-op have sent shockwaves through the UK retail sector, exposing just how vulnerable even the most established brands can be. At Netitude, we believe these incidents should serve as a critical reminder to businesses of all sizes: if it can happen to them, it can happen to you. This blog post explores what happened, who was responsible, and most importantly, what your business can learn to better defend itself against similar threats.
Could Your Business Survive a Cyberattack Like M&S and Co-op?
You may have heard in the news recently that renowned British retailers (Co-op and M&S) have been targeted by the cybercrime service DragonForce. The consequences of each attack have been severe, with each brand facing vast organisational disruption, loss of customer data, and, as a result, haemorrhaging shareholder value, company profits, and reputation.
This blog post will examine the circumstances of this cyber attack, the perpetrators involved, and how it may affect the retail landscape going forward. Our main aim is to discuss the facts while hopefully prompting some thoughts about what might happen if your business were targeted by a cybercrime service.
Who Was Affected?
Several news stories and headlines have been published over the past few weeks depicting how two of Britain’s most recognised retailers, Marks & Spencer and Co-op, have fallen victim to a highly coordinated cyberattack orchestrated by the hacking collective DragonForce (more on them to follow).
While the media have rightfully focused on the devastating impact in the form of ransom demands, stolen customer data, and massive disruption to online services, what’s even more alarming is what these attacks reveal about the state of cybersecurity across UK businesses.
What Happened to M&S and Co-op?
Over Easter, both retailers suffered ransomware attacks that disrupted their IT systems, halted online orders, and exposed sensitive customer data. According to reports:
- M&S is expected to take a £300 million hit to profits.
- Online services are still delayed and may remain so into the summer months.
- Co-op, while faring slightly better, still endured significant operational disruption and data breaches.
These incidents aren’t just financial blows. They’ll undoubtedly lead to massive reputational damage. In terms of long-term effects, we’ll have to wait to see how both brands, as well as their employees, will be affected as the case advances.
What Were the Repercussions?
M&S Chief Executive, Mr Machin, believes that the £300 million hit to company profits will be offset by cost reductions and by the company’s cyber insurance policy.
Who Is DragonForce—and Why Should You Care?
DragonForce, the group allegedly behind these attacks, is part of a growing wave of cybercriminal networks using sophisticated ransomware-as-a-service (RaaS) models. Other reports suggest Scattered Spider, a gang known for targeting English-speaking organisations, may be involved. However, this is all pure conjecture at this point.
What is clear is that these cybercriminal services and groups DO exist. They’re out there with malicious intentions, leveraging technological advancements to stay one step ahead.
What’s more, these organisations won’t stop at targeting giants such as M&S and Co-op; they’ll aim to target any business that has exploitable weaknesses. Whether you’re a nationwide chain or a growing small-to-medium-sized enterprise (SME), you're in a vulnerable position if your defences aren’t up to the task of protecting you.
Why This Is a Wake-Up Call for Every Business
Let’s be clear: M&S and Co-op have vast resources, dedicated IT teams, and cybersecurity insurance. However, even with those protections and deterrents in place, the road to recovery will undoubtedly be expensive and extensive.
Smaller businesses, or an SME with inadequate cybersecurity defences, may not be so lucky. A single breach could result in:
- Business operations being paralysed for weeks on end.
- Customer data being left exposed and held to ransom.
- Irreversible brand damage being inflicted.
- The very future of your business being threatened.
Cybersecurity is no longer optional in this day and age.
What Should You Do Next?
If reading this blog has got your hackles up and got your pulse racing, rest assured that you’re not alone. Many of our clients have reached out with questions and concerns regarding notable news stories such as this. The good news? Taking proactive steps today can help protect your business tomorrow:
- The first step is making yourself aware of the severe consequences that can result from being the victim of a cyber attack.
- Secondly, you want to get a clear understanding of your current position from a cybersecurity standpoint. You’ll want to find out:
  - Whether your existing IT infrastructure is up to scratch. Are there any devices or pieces of software that need to be updated to give you the best level of protection?
  - How well access controls and user behaviour are managed. Are there stringent measures in place to ensure appropriate controls are enforced and regular training is encouraged?
  - Whether you have the right backup and disaster recovery (BDR) tools for the job at hand. BDR systems are an integral part of an organisation’s ability to bounce back from a cyber attack.
- Finally, we recommend booking a Comprehensive Cybersecurity Audit with our team of IT security experts before it's too late!
It’s not about scaring you – it’s about arming you with the knowledge and resilience you need to not only ward off cybercriminals, but to fight them off when they come knocking!
Reassurance and Final Thoughts
At Netitude, we are very much against scaremongering and fake news. We do our best to inform people about the real dangers of not having the right safety protocols in place to defend their businesses against the very real threats that are out there.
Cyberattacks like those on M&S and Co-op make headlines because they involve familiar names. But the real story is this: every business is a target. The difference between recovery and reputational ruin is preparation and taking the necessary decisive action.
If you’d like help reviewing your security posture or are just unsure about where your vulnerabilities lie, rest assured that our friendly team of experts is on hand to support you.
At Netitude, we work with organisations across the UK to strengthen their cybersecurity posture and reduce their exposure to today’s evolving threats. The attacks on M&S and Co-op highlight the urgent need for businesses to assess their defences, understand their vulnerabilities, and take proactive steps to protect their future. If you're unsure where your business stands, our team is here to help with expert guidance and comprehensive cybersecurity audits designed to give you peace of mind.