It's been a rough few weeks for UK retailers. Marks & Spencer, the Co-op, and Harrods have all found themselves in the crosshairs of cyberattacks, some successful, some thankfully caught in time. But what's clear is this: attackers aren't just going after banks and big tech anymore. They're hitting the shops, grocers, and delivery services we rely on.
When these systems go down, it's not just about revenue or reputation.
It's about disruption to daily life, especially for older generations who increasingly depend on online grocery deliveries, click-and-collect services, and contactless payments. These conveniences are no longer "nice to have." They're essential.
So why are we still getting the basics of cybersecurity wrong?
- Staff not trained to spot a phishing scam or social engineering call.
- Critical back-office networks are not properly segregated from frontline systems.
- Multifactor authentication is still not enforced across all admin access.
- Patch management is treated as optional or deferred.
These aren't cutting-edge failures. These are fundamentals.
The recent M&S breach, for example, wasn't some clever state-sponsored operation. It was a classic credential theft followed by ransomware deployment. The group behind it used phone-based manipulation of helpdesk staff. That's not high-tech wizardry. It's an avoidable human lapse.
We can't just shrug and blame the hackers. Security teams, along with leadership, have a responsibility to protect systems that people rely on. This is especially true now, when so many of us, myself included, prefer or even need to use digital channels for shopping, banking, and communication.
Cybersecurity isn't just a tech issue. It's a quality-of-life issue. When shelves are empty because stock systems are offline or card payments fail, the vulnerable suffer the most. Many older people can't simply "go elsewhere" or "switch to another app." They trust that the systems in place will work, and they're entitled to that trust being earned.
We need to demand better. Not just after the breach but long before it.
