Business

Cyberattacks Hit High-Profile Retailers – Is Your Business Prepared?

  1. Home Home
  3. Business
  5. Cyberattacks Hit High-Profile Retailers – Is Your Business Prepared?
6 May 2025

Recently, big names like M&S and Harrods have made headlines. Not for the usual reasons, but because of a major cyberattack.

The attack hit multiple retailers across the UK. Reports suggest customer data and internal systems were both affected, with some services going offline while others slowed down. It caused real disruption and raised even bigger questions about cyber security in general.

There’s a common belief that these things only happen to large companies, but actually, it’s the smaller ones that often face more risk. Their lack of resources means less security against cybercriminals. They also have less room to recover if something goes wrong.

In this blog, we’ll break down key sectors surrounding the cyberattack. By the end, you should have a clearer picture of whether your business is prepared or if there’s more that needs to be done.

1. Data Protection

The cyberattack highlighted a glaring weakness – data protection. Sensitive data was targeted, including the NTDS.dit file from Windows domains. This file holds important user credentials and Active Directory data. If compromised, it can lead to serious consequences.

This is a prime example of how valuable data can be exploited if not protected with robust measures. Hackers gain access to internal systems, and in some cases, they can impersonate employees or customers.

When sensitive data is exposed, it can hurt your business both financially and sentimentally. Customers lose trust and confidence. To keep your data safe, you need strong security.

Think of data encryption as your first line of defence. Afterwards, implement multi-factor authentication to prevent hackers from slipping through the cracks. You can also consider training your employees on the topic for added security.

2. Operational Continuity

When systems go down, even for a short while, the effects spread fast. The recent cyberattack caused delays in transactions, customer service issues, and in some cases, store closures.

This is a major inconvenience for your customers, and it also costs you revenue. If your operations rely heavily on digital systems, any kind of breach causes downtime.

Payments, communication, and inventory tracking; all of it gets hit. In situations like these, the absence of a clear backup plan can make recovery harder. It’s essential to have a business continuity plan in place to ensure smooth operation.

As a business owner, you may have been more focused on other day-to-day operations and might not have had the time to set these up. However, this attack is a stark reminder as to why you should consider these things.

3. Third Party Risk

Cyber security doesn’t start or stop at your doorstep. In many cases, the entry point isn’t internal. It’s a third-party vendor. The recent cyberattacks on UK retailers have raised concerns about shared technology vendors being potential breach sources.

Retailers work with multiple vendors daily. Payment processors, delivery firms, and software providers all hold some access over their systems. If one link fails, the chain breaks. Essentially, if a third party is connected to your systems, their risk becomes yours.

In such cases, it helps to review third-party access often. Limit what external partners can see or use. Revoke access when it’s no longer needed. Also, make sure every vendor follows basic security practices.

It is now more important than ever to recognise that vendor security is part of your responsibility too. This doesn’t have to mean adding friction to everyday operations, but you might need better visibility into who’s accessing what.

4. Endpoint Vulnerabilities

One key lesson from the recent cyberattack is how endpoints can be prime targets for hackers. Staff laptops, POS systems, and handheld devices are often scattered across multiple locations in large retail environments. They’re updated at irregular intervals and can be potential weak spots in your cybersecurity.

If even one device is compromised, it can serve as a gateway into wider systems. This is especially true when endpoint security isn’t monitored properly. You might not notice it until it’s too late.

Regularly checking which devices are connected to your systems, making sure all your devices are up-to-date, and watching for unusual activity are good starting points.

You just need to be consistent in your approach to your endpoints. With remote access being so common in working environments, the need for proper endpoint management is at an all-time high.

Contact Redpalm to Protect Your Business From Cyberattacks

Cyberattacks will always keep evolving. The recent events show that SMEs and big businesses are both vulnerable to cyber threats. It showed how quickly things can spiral without robust security measures.

Now that you’ve seen how these attacks unfold and the impact they can have on businesses, you might be wondering where your own security gaps are. That’s where professional IT support can help greatly.

Redpalm is a managed service provider (MSP) and a trusted cyber security partner. We equip your business with advanced IT infrastructure to swiftly identify and neutralise any security risks.

Our wide range of services includes IT audits and health checks, technology procurement, vulnerability assessments, endpoint management, and more.

To learn more about our managed IT services, click here or contact us to schedule an appointment today.

Search For Posts

Subscribe To Our Newsletter

Subscribe to receive industry news and insights.

    Trending Articles

    small business IT support, woman holding computer smiling

    5 Business IT Support Priorities You Should Consider
    phishing email scam, paper email icon on a hook above a laptop

    A Deep Dive Into HR Phishing Email Scams

    Software Licensing – Why Is It Important?

    Adam

    LinkedIn

    Service Delivery Manager

    Adam joined Redpalm in 2015 as an apprentice on the service desk and in the following 10 years has worked his way up to becoming the Service Delivery Manager. He continues this progression by expanding our existing customer base and working closely with customers to build a personable relationship and offer Redpalm’s service recommendations.

    Read Full Bio

    Latest From The Blogs

    hybrid IT workload placement, two system managers in a server room
    Hybrid IT

    How to Create the Right Hybrid IT Workload Placement Strategy

    Hybrid IT workload placement involves assigning applications and data to the most appropriate environment, such as cloud, on-premises or edge, based on factors like performance, latency, compliance and cost. A structured framework helps avoid common pitfalls, including vendor lock-in and poor scalability, enabling IT teams to make informed, secure and flexible infrastructure decisions.

    Read More
    ai threats cyber security, close up shot of a notebook used by IT professionals to run AI software
    Cyber Security

    Why AI-Generated Threats Are Outsmarting Old-School Security Controls

    AI-driven cyber threats now use deepfakes, adaptive malware, and autonomous tools to bypass legacy defences. UK businesses are increasingly targeted, with reported breaches involving AI impersonation and data extraction. Traditional controls can’t keep up with these evolving threats. Effective protection requires AI-assisted detection, multi-layered strategies, and external support from cyber-focused managed service providers.

    Read More
    IT outage disaster recovery plan, a person working on a laptop in a data centre
    Cyber Security

    Can You Recover from a Major IT Outage in Under 2 hours?

    If you don’t have a disaster recovery plan for your business yet, you might still have key questions about disaster recovery plans. Is it possible to recover from a major IT outage in 2 hours in the UK? Can any plan be strong enough to allow for a 2-hour IT recovery? These are the questions that we’ll be addressing in this blog. We’ll explain what fast disaster recovery in the UK looks like and how you can plan to quickly resolve your issues.

    Read More
    Cyber Security

    Is Your Business Ready for the End of Windows 10 Support?

    In this blog, we’ll explain what the end of Windows 10 support means for businesses, covering the risks, technology challenges, and how your business can stay secure with the right support.

    Read More
    it audit and cyber insurance, 2 technicians finding cyber security gaps in encrypted data on a computer
    Cyber Security

    Can IT Health Checks Lower Your Cyber Insurance Premium?

    In this blog, we’ll explain how IT audits reduce cyber insurance premiums and provide you with a cyber insurance readiness checklist. You’ll also find practical steps to prepare your IT systems and documentation for renewal with support from Redpalm.

    Read More
    jaguar land rover cyberattack, hackers planning in front of multiple screens with the world map on them
    Cyber Security

    4 Lessons SMEs Can Learn from the Recent Jaguar Land Rover Cyberattack

    In August 2025, Jaguar Land Rover suffered a cyberattack that halted production and disrupted supply chains. The incident highlights the operational and financial risks of IT outages, the importance of a clear incident response, and the vulnerability of all businesses. SMEs can learn key lessons to strengthen continuity and cyber security.

    Read More
    Cyber Security, Hybrid IT

    How to Provide Endpoint Security for Remote Teams Without Slowing Productivity

    Securing remote workforces requires balancing protection and productivity. Core measures include endpoint detection and response, patching, VPNs, monitoring, recovery, and staff training to reduce risks without slowing workflows. Modern endpoint management tools and zero-trust approaches help small and large businesses stay resilient, compliant, and efficient.

    Read More
    it outsourcing cost benchmarking, 2 IT experts on a headset call in front of a computer
    Cyber Security

    Are You Overpaying for IT Support? Benchmark Outsourcing Costs in 2026

    IT outsourcing costs for UK SMEs in 2026 are expected to vary significantly depending on pricing models, business size, user numbers, and SLA scope. Typical benchmarks will range from £15 to £175 per user, per month, or £60 to £200 per hour. Key cost drivers will include hybrid working, cyber security requirements, and compliance pressures. Using IT outsourcing cost benchmarking tools and independent audits will help ensure spending aligns with service quality and market value.

    Read More
    chrome security update, cropped shot of a person using a computer
    Cyber Security

    How Chrome’s Latest Security Update Reflects Cyber Threat Evolution

    Google Chrome faced 5 zero-day vulnerabilities in 2025, patched quickly to counter active exploitation. These incidents highlight how rapidly cyber threats evolve and why timely updates are critical. Businesses must adopt structured patch management and monitoring strategies to reduce risk, maintain continuity, and strengthen resilience.

    Read More
    outgrowing internal it team, IT professional around computer screens listening to an employee query in the office
    Managed IT Services

    How to Recognise When Your Business Has Outgrown Its Internal IT Team

    In this blog, we’ll explain clear signs you’re outgrowing your internal IT team and why it might be a good time to outsource your IT infrastructure and operations to a trusted provider.

    Read More