Members news from around the county
Lessons learnt from M&S and Co-op cyber attacks for SMEs

Recent cyber attacks on major UK retailers M&S and Co-op are a stark wake-up call about the business impact of modern cyber crime.  

These breaches led to serious operational disruption and data loss, underscoring that even the biggest companies can be caught off guard. Having the right plan and good cyber hygiene means SMEs can safeguard their continuity, reputation and finances. 

Business continuity at stake 
Britain’s National Cyber Security Centre warns that cyber attacks are increasingly common and “all organisations, of all sizes, need to be prepared”. 

A cyber attack can bring day-to-day operations to a standstill. M&S, for example, had to suspend all online orders in late April due to a major cyber attack. Even two weeks later, its website and app remained offline – a shutdown that analysts estimated had already cost about £30 million in lost sales.  

Just days after the M&S incident, Co-op experienced its own disruption. Some stores were limited to cash-only payments as card systems went down, and deliveries of fresh stock were disrupted, leaving shelves empty. The Co-op also shut back-office systems as a precaution.  

These examples show how a single breach can threaten business continuity, bringing normal services to a halt and hurting the bottom line. 

Reputational damage and data breaches 
Cyber attacks also carry a high risk of data breach and reputational harm. M&S confirmed that hackers stole personal customer data – including names, contact details and dates of birth – though no usable payment card details or passwords were compromised. Even without financial data involved, the breach was a blow to customer trust. 

At Co-op, hackers accessed data on a “significant number” of members, exposing millions of customers’ names and contact details. Even though Co-op avoided a full shutdown of stores, the incident showed how a cyberattack can quickly tarnish a trusted brand’s reputation. 

Read more to learn about how SMEs can mitigate future attacks and how you can protect your business. 

Author: Benn Davis, Managing Director of Moore Clearcomm
 

© 2025 Essex Chambers of Commerce & Industry Ltd, All rights reserved.
Registered in England No: 02981688 Registered Office: Launchpad Southend - Office S8, Airport Business Park, Cherry Orchard Way, Rochford, Essex SS4 1YH

Terms and Conditions | Privacy Policy