Cyber Attacks Set to Continue Amid ‘Fraud Pandemic’
A surge in high-profile cyberattacks targeting UK retailers is part of an ongoing “fraud pandemic,” cybersecurity experts have warned, cautioning that further major breaches are all but inevitable.
Retail giants including the Co-op, Harrods, and Marks & Spencer have already fallen victim to devastating cyber incidents in 2025. These attacks have compromised the personal data of millions of customers and caused substantial financial losses.
“These aren’t just serious data breaches, they’ve become full-scale operational crises with lasting financial and reputational damage,” said Vivek Dodd, CEO of compliance and security training provider Skillcast, speaking to The Independent.
Dodd warned that the so-called fraud pandemic is exposing the fragility of many organisations, especially those reliant on outdated systems or inconsistent staff training. “It’s placing enormous strain on already overstretched IT infrastructures, leaving customer data perilously exposed,” he said.
According to a recent report from Skillcast, a “significant portion” of professionals routinely overlook basic cybersecurity protocols, indicating that many employees are ill-equipped to respond to cyber threats.
Anthony Lloyd, principal cyber technologist at data protection firm tmc3, described the wave of attacks as a “blood in the water” scenario. He explained to The Independent that the success of recent hacks has emboldened cybercriminals and triggered a surge in copycat attacks.
“Hackers are now targeting other companies within the same sector, banking on them having similar weaknesses,” said Lloyd. “It’s not so much about a leap in sophistication, but rather a focus on exploiting a vulnerable, high-value industry.”
Lloyd also pointed to a recurring tension between robust security and user convenience. “To keep online shopping seamless, many retailers skip multi-factor authentication, viewing it as a barrier to user experience. Criminals are well aware of this and take advantage of it.”
He stressed the need for a cultural overhaul in how large organisations approach cybersecurity training, arguing that meaningful change is essential to protect consumers and the broader digital landscape.
Some experts have gone further, warning that the recent string of retail attacks could be a prelude to more catastrophic breaches, ones that could go beyond disruption and potentially endanger lives.
“The idea of a large-scale cyberattack on critical infrastructure is no longer just theoretical,” said Spencer Starkey, an executive at cybersecurity company SonicWall, in comments made last month.
“The same tactics used in recent breaches, identity theft, ransomware, lateral network movement, are precisely what could be used to paralyse sectors like healthcare, utilities, or government services.
“We haven’t yet seen a ‘black swan’ cyber event in the UK, but the current trajectory strongly suggests it’s not a question of if, but when. We must urgently improve cross-sector preparedness and resilience.”