Menu
Cyber-attacks on UK retail, manufacturing and engineering firms have spiked in 2025. Waves of sector-focused attacks have exposed how corporate defences are struggling to keep pace with increasingly sophisticated hacker groups that are pooling resources to exploit digital infrastructure and supply chain vulnerabilities. These multiple entry points can quickly cascade into systemic risk.
These incidents typically target the ‘CIA triad’, which represents the confidentiality, integrity and availability of IT systems and the data they hold. Confidentiality ensures sensitive information is accessible only to authorised users; integrity safeguards data accuracy and trustworthiness; and availability guarantees that systems and information remain accessible when required.
Cybercriminals tend to strike in concentrated sector waves that exploit shared weaknesses. Recent high-profile attacks have targeted household retailers such as Marks & Spencer and the Co-op, as well as Jaguar Land Rover and Collins Aerospace, which disrupted operations at Heathrow airport. Universities, charities, government departments and engineering firms have also been consistent targets. Engineering and manufacturing face particularly acute risks due to their economic importance and the sensitive nature of their work.
The UK is now estimated to be among the five most targeted countries for cybercrime worldwide, likely due to its highly digitalised economy and relative affluence only trailing the more populous countries of the US, China, Russia, and India.
Using a survey conducted in late 2024, the government’s Cyber Security Breaches Survey, found that phishing accounts for the overwhelming majority of incidents – around 85% – while ransomware attacks have doubled. In particular, the ransomware surge – which in recent years has hit organisations as diverse as the NHS, the Guardian and the British Library – led the National Crime Agency and National Cyber Security Centre to classify ransomware “as a risk to the UK’s national security”.
SMEs face particularly acute dangers. Limited budgets for software, training and governance create attractive targets, while legacy IT systems exacerbate risks. Ransomware groups now combine system lockouts with ‘double extortion’ threats to release stolen data. AI-powered phishing and social engineering campaigns make fraudulent messages virtually indistinguishable from genuine ones, while deepfakes convincingly impersonate senior executives to authorise payments. Supply-chain and software flaws create hidden backdoors, weak authentication exposes credentials, and denial-of-service attacks can paralyse customer-facing systems.
The financial and operational consequences are stark. In 2024, 43% of SMEs and 30% of charities reported a cyber-breach or attack – equivalent to around 612,000 UK businesses and 61,000 charities. More than 560,000 new cyber threats are detected daily, with four out of five aimed at SMEs.
Retailer Attacks as a Warning Sign
Earlier this year, British retailers were at the frontline of the latest wave of cyber-attacks, signalling systemic vulnerabilities. In April and May, the Scattered Spider group – a loose collective of hackers based in the US and UK, known for their aggressive extortion – launched a flurry of ransomware attacks. They combined social engineering tactics and help desk impersonation to obtain or reset employee credentials and access internal systems. Their aim is to steal sensitive data and threaten to release it, or cripple operations to force ransom payments.
Marks & Spencer was hit by a ransomware attack over the Easter weekend, forcing the retailer to suspend online orders and stock systems, which disrupted sales and exposed customer records. M&S said that no passwords were stolen and reported that the cyber-attack would cost around £300 million in operating profit for the financial year. A class-action lawsuit has reportedly been filed in Scotland by a law firm representing affected customers, underscoring post-attack legal risks.
Days later, the Co-op reported the theft of data from 6.5 million members, disrupting thousands of stores and wiping £206 million off its first-half revenues. In late September, luxury department store Harrods confirmed data relating to 430,000 customer records had been stolen via a third-party IT supplier in a data breach, marking the second attack in six months after an initial attempt in May.
Some of its customers have been contacted by the cyber criminals and in response Harrods reportedly said: “Negotiating with cyber criminals does not result in any guarantees as to what they may do with the information they have accessed”.
Adidas also disclosed a third-party breach that affected customer contact information, which illustrates cybersecurity vulnerability across supply chains. Globally, Louis Vuitton, Cartier, The North Face and Victoria’s Secret all confirmed cyber incidents in recent months.
Retailers are prime targets due to their vast customer data, dependence on uninterrupted operations, and extensive digital ecosystems. Supplier vulnerabilities, ranging from SME partners to multinational brands, underscore the need for businesses to have oversight of cybersecurity infrastructure across their partners and supply chains. Businesses are only as strong as their weakest link – with supply chains on the frontline.
Beyond retail: vulnerabilities spread
In September, Jaguar Land Rover suspended UK plant production for weeks after a cyber-attack that halted the production of around 1,000 vehicles a day, impacting 33,000 staff and its extensive UK supply chain, representing over 100,000 jobs. The large-scale attack demonstrated how a single manufacturing cyber-attack can cascade through smaller suppliers to compound real-world operational and economic consequences.
Around the same period, Collins Aerospace suffered a ransomware attack on its check-in and baggage handling systems, disrupting Heathrow, Brussels, and Berlin airports. The international incident caused delays, cancellations, and significant operational costs, while showing the sector’s dependency on a few global IT providers for critical infrastructure reliance. Elsewhere, engineering firms Smiths Group and IMI also suffered breaches. Smiths incurred £4 million in remediation costs without suffering trading activity losses. In comparison, IMI’s incident cost £25 million in one-time recovery and upgrade expenses, resulting in a revenue decline in one division.
Risks in focus
These sectoral cyber-attacks are rooted in shared vulnerabilities – complex and digitalised supply chains, high-value data, and third-party system dependencies that affect the broader economy. For SMEs, cyber risk is now a top priority for the boardroom. The implications extend far beyond IT:
BTG Advisory partners with SMEs to enhance governance, mitigate supply-chain risks, and integrate resilience into core operations. To discuss how our teams ranging from advisory to forensics can help your business protect value in an increasingly complex cyber threat environment, please get in touch.
Daily News Round Up
Sign up to our daily news round up and get trending industry news delivered straight to your inbox
This site uses cookies to monitor site performance and provide a mode responsive and personalised experience. You must agree to our use of certain cookies. For more information on how we use and manage cookies, please read our Privacy Policy.
