What: Co-op’s cyber attack resulted in over £120 million in profit loss and £300 million in lost sales, exposing critical vulnerabilities in retail operations and supply chains.

Why it is important: Co-op’s experience underscores that prevention alone is no longer enough, with rapid recovery and contingency planning now essential for retail survival.

The Co-op’s recent cyber attack has laid bare the scale of risk facing modern retailers, with the business suffering more than £120 million in profit loss and £300 million in lost sales for the year. The breach, which affected up to 20 million individuals, forced the company to revert to manual order processing for weeks, disrupting supply chains and daily operations. This incident is emblematic of a broader trend in retail, where sophisticated, multi-stage attacks—often involving social engineering and third-party vulnerabilities—are becoming more frequent and costly. Ransomware now accounts for 30% of retail security incidents, and third-party breaches represent 41% of cases, according to recent industry data. As cyber insurance premiums rise and only a small fraction of retailers have comprehensive resilience measures, the sector is shifting from a prevention-only mindset to one that prioritises rapid recovery and robust contingency planning. The Co-op’s ordeal highlights the urgent need for integrated security strategies and a fundamental reassessment of risk management to ensure business continuity and protect consumer trust.

IADS Notes: The Co-op’s swing to a loss after its cyber attack mirrors a sector-wide escalation in digital threats, with similar incidents at Marks & Spencer and Harrods in 2025. The average cost per ransomware attack has reached £1.4 million, and 41% of breaches are linked to third-party providers. These events have driven a 10% rise in cyber insurance premiums and forced retailers to prioritise resilience and rapid recovery, as only 2% of businesses have comprehensive measures in place. The operational disruption experienced by Co-op, including weeks of manual processing, underscores the vulnerability of retail supply chains and the need for robust contingency planning.

‘Like a bomb threat’ – Co-op looks forward as it grapples with cyber attack fallout