M&S Cyberattack Set the Stage for a Sector-Wide Alarm
Earlier this year, Marks & Spencer suffered a devastating cyberattack. The breach was severe, costing at least £300 million in lost profits. Chairman Archie Norman described the attack to Parliament as “traumatic.” The attackers used sophisticated impersonation and exploited M&S’s legacy systems. This event exposed systemic flaws in the digital infrastructure of one of the UK’s most iconic retailers.
New KYND Report Finds Widespread Cyber Risk in Retail
KYND, a UK-based cyber risk firm, has now confirmed the scale of the risk. In a new report, KYND found 80% of the UK’s top 50 retailers face at least one critical vulnerability.
The report used external scanning tools to assess each retailer’s digital footprint. These tools identified serious flaws across five major threat categories:
- Email security
- Ransomware exposure
- Outdated software
- Vulnerable services
- Certificate issues
Critical Findings Across Five Threat Categories
The breakdown of vulnerabilities is stark:
- 80% of retailers had email security weaknesses
- 72% had certificate issues
- 70% used vulnerable services
- 70% ran outdated software
- 58% were exposed to ransomware risks
These issues were visible externally. That makes them easy targets for cyber attackers.
Email Security: Retail’s Weakest Link
KYND identified 9,239 critical email security flaws. These flaws allow phishing, spoofing, and unauthorized access. Andy Thomas, KYND CEO, warned, “Even a seemingly minor oversight — like an expired certificate or unpatched software — can quickly become an open door to attackers.”
Overlapping Risks Compound Cyber Exposure
The report found that 38% of retailers faced critical risks in all five categories. Overlapping vulnerabilities create compound risk. Attackers can chain exploits together to penetrate deeper into systems.
Thomas called the results “a wake-up call” and emphasized the need for fundamentals: “Visibility, prioritisation, and proactive monitoring.”
KYND’s Five Steps for Retail Cybersecurity
To reduce systemic vulnerabilities, KYND advises the retail sector to:
- Map digital infrastructure and identify exposed assets.
- Remediate high-impact vulnerabilities, especially from CISA’s KEV list.
- Fix foundational issues like email configurations and certificate renewal.
- Adopt continuous monitoring, not periodic scans.
- Evaluate and manage third-party risks across supply chains.
Thomas added, “Cyber risk is a board-level concern with serious financial, operational, and reputational implications.”
Wake-Up Call for the Retail Sector
The Marks & Spencer attack and the attacks on other retailers are not isolated events; they are a warning. KYND’s data shows the entire UK retail sector is vulnerable. Retailers must improve basic cyber hygiene now. The stakes include operational continuity, financial survival, and public trust.