Six lessons from a 2025 cyberattack

Posted by Veronica Yudina in Insights

In 2025, the UK witnessed one of its most disruptive waves of cybercrime to date, which saw several high-profile retailers hit by a sophisticated breach.


What began as a single attack quickly escalated into a barrage of compromises, highlighting the fragility of modern supply chains and the digital systems within major retailers. One company, in particular, experienced a record online outage, the exposure of sensitive customer data, and financial losses that exceeded hundreds of millions of pounds.

This case serves as a stark reminder that even industry leaders with extensive budgets and sophisticated infrastructure can be taken down when fundamental security controls are overlooked.

So, what could have been done to prevent it?

Here are six key lessons we can take from the incident, and how IDS Group can help safeguard your organisation.

In the retailer example, threat actors used advanced social engineering tactics, bypassing Multi-Factor Authentication (MFA) and internal corporate controls by manipulating human users.

To prevent this, we recommend encouraging vigilance in your organisation. Regular, realistic Social Engineering Assessments can expose blind spots and urge your teams to think before they click.

In this breach, the attackers didn’t compromise the brand directly; they got in through a trusted third-party IT contractor, a major global services provider. With limited visibility and control over vendor access, the organisation was left exposed.


To reduce this risk, treat third-party access as critically as your own. We recommend conducting rigorous technical due diligence on vendors and partners, auditing their configurations, and using verified security questionnaires.

One of the key technical failings was weak segmentation between systems. Once inside, attackers navigated with ease across Active Directory and virtual environments, exposing a lack of internal containment.

Penetration testing must go beyond compliance exercises. We recommend scenario-based testing that includes privilege escalation paths, network traversal, and real-world attack emulation.

When systems went down, every hour of delay cost the institution, not only in lost revenue but also in reputational damage and customer trust. The slower the response, the longer attackers lingered and the greater the damage.

We advise developing and testing a real, working Incident Response Plan. If you lack in-house responders, partner with experts who can jump in the moment you need them. Our SECaaS offering includes this kind of rapid-response capability.

Although a £100 million insurance claim was filed, the wider impact is estimated at over £1 billion, a figure that includes long-term loss of brand trust, operational disruption, and regulatory fallout.

To stay ahead of this kind of spiral, we recommend shifting focus from reactive insurance to proactive resilience. Invest in prevention — robust security controls, tested business continuity plans, and a crisis playbook that protects more than just your bottom line.

In this particular case, the problem wasn’t a complete lack of security controls; it was a failure to give visibility and monitoring the priority they deserve. With multiple complex systems in place, critical alerts were missed or not acted on in time, leading to a delayed and fragmented response.

True visibility is about using all the tools at your disposal effectively. That means ensuring real-time insights are connected, surfaced to the right teams, and backed by clear action plans.

We recommend investing in consolidated monitoring and threat detection, particularly across hybrid and cloud environments, and making sure your teams are trained and resourced to act on what those tools reveal. When visibility is operationalised, organisations move faster, contain threats quicker, and regain control before damage escalates.

The 2025 cyber incidents are a wake-up call. Even the biggest companies, with ample budgets and resources, are vulnerable when the basics are overlooked. Cyber resilience is about creating a living defence strategy that evolves over time.

Don’t wait until you’re breached to act. IDS is here to help you stay ahead of the threats. Contact our team to schedule a security assessment or incident readiness consultation.