{"id":31334,"date":"2026-05-08T07:30:09","date_gmt":"2026-05-08T07:30:09","guid":{"rendered":"https:\/\/www.europesays.com\/britain\/31334\/"},"modified":"2026-05-08T07:30:09","modified_gmt":"2026-05-08T07:30:09","slug":"uk-retail-co-ops-face-up-to-the-rising-cyber-crime-threat","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/britain\/31334\/","title":{"rendered":"UK retail co-ops face up to the rising cyber-crime threat"},"content":{"rendered":"

Last year\u2019s cyber-attack on the Co-op Group<\/a> is just the tip of the iceberg. Other retailers \u2013 including Coop Sweden <\/a>\u2013 have faced problems, and agri co-ops, credit unions and energy co-ops around the world are vulnerable to a criminal practice that cost the world \u00a312tn
last year.\u00a0<\/p>\n

UK businesses face an estimated 21,315 cyber attacks daily \u2013 around 7.78 million annually \u2013 with a business targeted every 44 seconds. Small businesses alone encounter around 65,000 hack attempts daily, with 4,500 resulting in breaches.\u00a0<\/p>\n

Much of this is low-level, but every week the UK\u2019s National Cyber Security Centre (NCSC) handles four \u201cnationally significant\u201d incidents, which it deems to have \u201ca serious impact on central government, UK essential services, a large proportion of the UK population, or the UK economy\u201d. The 2025 figures marked a 50% increase in highly significant incidents for the third year running.<\/p>\n

The NCSC acts as the public-facing arm of GCHQ for cybersecurity, and in its Annual Review 2025, urged businesses to take a more integrated approach. \u201cFor too long, cybersecurity has been regarded as an issue predominantly for technical staff,\u201d said CEO Richard Horne. \u201cThis must change. All business leaders need to take responsibility for cyber resilience.\u201d<\/p>\n

Shirine Khoury-Haq, then-CEO of the Co-op Group, shared an open letter in the report. On 25 April, the Group, M&S and Harrods were the victims of a multi-stage cyber attack, as confirmed by the NCSC and the National Crime Agency (NCA).<\/p>\n

Related: Cyberattack knocks out systems at Canada\u2019s Federated Co-op stores<\/a><\/p>\n

\u201cWhile you can plan meticulously, invest in the right tools and run countless exercises, nothing truly prepares you for the moment a real cyber event unfolds,\u201d wrote Khoury-Haq. \u201cThe intensity, urgency and unpredictability of a live attack is unlike anything you can rehearse.<\/p>\n

\u201cDespite our swift and effective action to defend our Co-op from the hackers, some of our members\u2019 data was accessed, such as names, contact details and dates of birth. As a member-owned business, this affected us all deeply.\u201d<\/p>\n

The attack has been attributed to two loosely affiliated hacking groups: Scattered Spider (which uses advanced social engineering to breach organisations and deploy ransomware) and DragonForce (which deploys ransomware for cybercrime affiliates for a 20% cut of any ransoms collected). On 10 July, four people were arrested by the NCA on suspicion of blackmail, money laundering, Computer Misuse Act violations, and participating in an organised crime group. Another man, linked to Scattered Spider, pleaded guilty to conspiracy to commit wire fraud and aggravated identity theft in the US after being extradited, with sentencing set for 21 August.\u00a0<\/p>\n

The attack had a financial impact estimated between \u00a3270m and \u00a3440m. M&S was hardest hit, with its online store closed for nearly seven weeks, while the Co-op Group had to shut down some of its systems, leading to empty shelves in some stores. Other retail co-ops in the FRTS buying group suffered significant operational disruption, impacting their financial results.\u00a0<\/p>\n

On the back of this, cybersecurity was a central theme at the 2026 Co-op Retail Conference, hosted by Co-operatives UK in Glasgow. In attendance was Longwall Security, a tech security company which works with several co-op retailers. \u00a0<\/p>\n

Related: Co-op and mutuals movements adjust to life on the cybercrime frontline<\/a><\/p>\n

\u201cWe were involved in setting up some initial security systems for Central Co-op (now OurCoop) nearly eight years ago, including some of their anti-malware solutions,\u201d says managing director Mat Cornish. \u201cWe liked working with them, they liked working with us, and we found the relationship just grew and grew.<\/p>\n

\u201cWe\u2019ve done more as they have wanted to push the boundaries, and we have pushed them on some of the security elements they should be doing. We are now an embedded part of their team and our team works alongside them every day. We do board sessions with them. We talk around risk and metrics. We work with the analysts, we work with the IT team, with everyone in the organisation. And it\u2019s that partnership aspect that has worked so well.\u201d<\/p>\n

Longwall came to the retail conference \u201cto talk more to other co-operatives about what that journey looked like,\u201d he adds. \u201cCyber support doesn\u2019t have to be a faceless ticketed system.\u201d<\/p>\n

Through OurCoop, Longwall has set up the Retail Cooperative Cyber Alliance, with the hope of involving other retail societies.<\/p>\n

\u201cCo-ops have a shared brand,\u201d said Longwall\u2019s sales and marketing director James Gibson, \u201cand a lot of that shared brand is out of their control. So we wanted to widen our support to the other co-ops to be able to help them.<\/p>\n

\"\"Mat Cornish (left) and James Gibson talk cybersecurity with delegates at the Co-op Retail Conference (image: Co-operatives UK \/ Robin Mitchell Photography)<\/p>\n

\u201cWe want them to take a driving seat and take ownership of it. At the moment we\u2019re meeting twice a year, but want to increase that to quarterly, collaborating on strategy, policy, processes around information and what they\u2019ve learned.\u201d<\/p>\n

The Alliance is currently invite-only, but Longwall is working to create a formal group, with Cornish warning that organisations aren\u2019t sharing the right information. \u201cAttackers don\u2019t care which co-op they hit,\u201d he says. \u201cThey care about disruption. And in the UK, when a co-op is hit, everybody feels it. So it\u2019s about working together, being more open, sharing that intelligence, and coming up with a response that everyone is capable of and happy with.\u201d<\/p>\n

While the Competition and Markets Authority (CMA) prohibits businesses from sharing commercially sensitive information, security discussions can be protected if the correct NDAs are in place and the information is only shared to the correct parties.\u00a0<\/p>\n

One example is shared knowledge around suppliers, says Cornish. \u201cIt\u2019s about understanding who suppliers are and what their risk is to your business \u2013 and if you are assessing them, they are probably a shared supplier with another co-op.\u201d\u00a0<\/p>\n

Every retailer will have hundreds of suppliers with highly connected digital systems, he adds, such as ordering systems, payroll, fridge monitoring and deliveries \u2013 and correctly shared information is key to reducing risk.<\/p>\n

Culture is a vital part of a cyber security system, says Gibson. \u201cAt the beginning, the Central Co-op cyber team weren\u2019t cyber experts at all. They\u2019re embedded in their team and promoted from other IT roles, and we came in and took them under our wing.\u201d\u00a0<\/p>\n

Related: 60 US credit unions suffer outages after ransomware attack<\/a><\/p>\n

Cornish wants increased policy support for retail cyber security. \u201cThe NCSC has published a Cyber Assessment Framework, which is what we assess our clients against today,\u201d he says. \u201cCritical national infrastructure already has mandated scores that they have to achieve.\u201d\u00a0<\/p>\n

Hacking has been around since the 1960s, and today there are two main motives behind it, he adds. \u201cIt\u2019s about pushing the boundaries because you can, or it\u2019s financial. A lot of people start with just pushing the boundaries because they\u2019re smart and inquisitive. And one of the most interesting pieces written about this is The Conscience of a Hacker, released in the 1980s [by hacker Loyd Blankenship].\u00a0<\/p>\n

\u201cIt basically said, \u2018I\u2019m not here to cause damage. I\u2019m here because I want to learn more.\u2019 It was about wanting to see more and about freedom of information. Now there\u2019s a split. There are people who want to test themselves and have access to more information \u2026 But then some people are just financially motivated \u2013 they hack the data and then sell it.\u201d<\/p>\n

As the cyber threat landscape evolves at an alarming rate, so grows the need for skilled cybersecurity professionals. Already valued at \u00a313.2bn, it has been identified by the government as a key frontier industry \u2013 but tens of thousands of cybersecurity jobs in the UK remain vacant.\u00a0<\/p>\n

In light of this, and in the wake of the cyber-attack it experienced, the Co-op Group launched a partnership with social impact business Hacking Games to identify young cyber talent and channel it into positive work.<\/p>\n

\u201cThere is an urgent need to engage Gen Z and inspire them to pursue careers in cybersecurity,\u201d said the Group, \u201cputting their cyber skills to ethical use as hackers for good, rather than being drawn down a more nefarious route that can cause real disruption to victims.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"Last year\u2019s cyber-attack on the Co-op Group is just the tip of the iceberg. Other retailers \u2013 including…\n","protected":false},"author":2,"featured_media":31335,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[13615,7435,1877,13616,12774,5,6],"class_list":{"0":"post-31334","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-uk","8":"tag-co-operative-retail-conference","9":"tag-cybercrime","10":"tag-cybersecurity","11":"tag-ourcoop","12":"tag-the-co-operative-group","13":"tag-uk","14":"tag-united-kingdom"},"share_on_mastodon":{"url":"https:\/\/pubeurope.com\/@UnitedKingdom\/116537787943421084","error":""},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/britain\/wp-json\/wp\/v2\/posts\/31334","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/britain\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/britain\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/britain\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/britain\/wp-json\/wp\/v2\/comments?post=31334"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/britain\/wp-json\/wp\/v2\/posts\/31334\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/britain\/wp-json\/wp\/v2\/media\/31335"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/britain\/wp-json\/wp\/v2\/media?parent=31334"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/britain\/wp-json\/wp\/v2\/categories?post=31334"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/britain\/wp-json\/wp\/v2\/tags?post=31334"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}