After the hack: Who bounced back from the UK’s season of cyber chaos?

March 23, 2026

SJUK hears exclusively from Mark Edgeworth, CEO of Hicomply, about the 2025 spring-summer cyber-attacks and how impacted companies bounced back.

The spring-summer of cyber chaos

We’re just shy of one year on from the start of the spring-summer of cyber chaos.

The series of high-profile cybersecurity incidents plagued British businesses from the end of March 2025 and continued throughout the summer like a spate of sad festivals.

Starting with Marks & Spencer, the announcements felt relentless, with Co-op and Harrods following in quick succession.

When disruption becomes visible

The past year has changed how we think about cyber-incidents. The disruption was unusually and uncomfortably visible.

As systems went offline, online orders halted, shelves ran low and customers were suddenly aware of how dependent everyday services are on complex digital infrastructure.

Nearly a year later, the more interesting question isn’t who was breached – especially when it felt like who wasn’t? – it’s who managed to recover and move forward.

Retail on the frontline

Marks & Spencer was first to feel the impact and its household-name status was, for once, unfortunate. The retailer confirmed a cyber-attack over the Easter weekend in March 2025 after detecting unusual activity across its systems.

Online ordering was paused while the company worked to contain the incident and investigate what had happened.

For several weeks, disruption rippled through its digital operations and supply chain.

While the attack was highly visible to customers, the business has since restored services and resumed online operations.

Alongside some pretty heavy press coverage, profits were hit hard, too.

The BBC reported that statutory profit before tax slumped 99% from £391.9m to £3.4m for the first half of the year, compared with the year prior.

Not long after, the Co-op Group disclosed its own cyber-incident after attackers gained access to core systems in late April.

Again, ordering and logistics systems were disrupted, leaving some stores with empty shelves and forcing parts of the business to revert to manual processes and cash-only operations while systems were secured.

The breach also exposed the personal data of around 6.5 million members, adding a significant reputational dimension to the crisis.

Financially, it was later reported that the attack contributed to an £80 million hit to Co-op’s operating profit and around £206 million in lost revenue in the first half of 2025 alone.

Despite that, the business did manage to restore systems and stabilise operations over the following months.

Luxury retailer Harrods, a brand not used to being seen amongst the ‘undesirables’, soon followed, confirming it had restricted access to parts of its systems after detecting an attempted cyber-intrusion in early May.

The business moved quickly to shut down sections of its IT infrastructure as a precaution while investigations were carried out.

Unlike Marks & Spencer or the Co-op, the disruption was largely contained before it could significantly affect store operations, with both physical shops and online services continuing to trade.

That swift containment is likely why the incident avoided the same level of operational and financial fallout seen elsewhere in the sector.

Here, decisive action in the early stages of an attack paid off.

Following two high-profile incidents before it, hyper-vigilance could have played a part in the business’s preparedness.

When cyber-attacks hit industry

Later in the year, attention shifted from retail to manufacturing when Jaguar Land Rover suffered a cyber-attack that forced the company to halt production across several UK plants, including Solihull and Halewood.

Unlike the retail incidents earlier in the year, this attack struck at the heart of industrial operations. Manufacturing lines were brought to a standstill while systems were taken offline and investigations began, with production disruption lasting for weeks.

Because modern car manufacturing relies heavily on interconnected digital systems and just-in-time supply chains, the impact quickly spread beyond JLR itself.

Suppliers were forced to pause deliveries and dealerships faced delays as the ripple effects moved through the wider automotive ecosystem.

Analysts later suggested the disruption cost the UK economy nearly 2 billion pounds.

Into 2026, JLR had continued to report losses relating directly to the incident, demonstrating a long and painful recovery.

Why recovery matters more than prevention

In the tricky numbers game that is when you might get hit – if not when – what matters far more is how organisations respond once systems are compromised.

In my experience, businesses that already have structured security frameworks in place, such as ISO 27001, are often better prepared because they have documented processes for incident response, risk management and reporting.

Those frameworks force organisations to think about governance, accountability and response planning before a crisis happens.

Without that structure in place, organisations often find themselves trying to build those processes in the middle of an incident, which inevitably extends disruption and increases regulatory exposure.

The danger of cyber complacency

There’s also another looming risk we need to talk about. As cyber-incidents become more common, there is a danger that we simply accept them as the cost of doing business, and that would be a huge mistake.

We shouldn’t slip into complacency or assume this is just how things are now.

The geopolitical backdrop is tense, cyber-warfare is a constant threat, and digital infrastructure has become a frontline in global conflict, but we’re becoming desensitised.

Who can afford to recover?

Large multinational organisations may have the resources to absorb the shock of a major cyber-incident, but many others don’t have that safety net.

Cash-strapped public services, local authorities and the small and medium-sized businesses that make up the backbone of the UK economy could struggle to survive a serious attack. For organisations that directly serve communities, whether that’s hospitals, councils or essential local services, the human impact of prolonged disruption could be devastating.

A year on from the cyber chaos of 2025, one thing is clear to me.

The organisations that bounced back fastest weren’t necessarily those that avoided disruption altogether.

They were the ones with the governance, visibility and preparation in place to respond quickly and restore operations with confidence.

Going forward, if we want to protect the organisations that underpin our communities and economy, we need to demand better than simply accepting cyber disruption as the new normal.
