But retail is constantly evolving, and so is the security landscape. One just has to look at the range of recent high-profile cyber breaches hitting the headlines to see that, with a string of global brands suffering serious financial, reputational, and operational damage as a result of cyberattacks. In the aftermath of the breach Marks & Spencer suffered in April 2025, its share prices were significantly affected, with the firm estimating its losses as at least £300m. The same group of hackers (largely in their teens and twenties) later successfully targeting Jaguar Land Rover, which unfortunately led the company to make a number of employees across its supply chain redundant and close production lines worldwide.
The potential consequences of cyberattacks for any organisation are already well-documented, but the above cases highlight the extent to which retailers can be affected by a breach. Even if an effective DR strategy is executed and critical data restored, consumer and investor confidence will inevitably be affected, and any attempts to rebuild them will inevitably prove costly, with no guarantee of success. For example, when the Co-Op recently offered its members a £10 voucher after their data was stolen during an attack that left shelves at numerous shops sitting empty, its response was seen by many as inadequate, with one cyber expert arguing that consumers would prefer concrete reassurance that their data was secure.
And this is before we even consider the long-term consequences, such as increased insurance premiums, as insurers demand evidence that cyber security ecosystems are fit for purpose and will be continually updated in the future, or the potential for costly fines.
With all this in mind, the retail sector requires a new model of security that factors in the growing range of hidden attack vectors that bad actors are actively exploiting. So, let's consider how this would work in practice, beginning with the most recent steps of retail's digital journey...