Estimated Reading Time: 4 - 5 minutes
In April 2025, two of the UK’s most recognisable retailers - Marks & Spencer (M&S) and the Co-op - were hit by a coordinated ransomware attack that disrupted operations, compromised customer data, and caused financial losses estimated between £270 million and £440 million. The incident, attributed to the Scattered Spider group, has been classified by the Cyber Monitoring Centre (CMC) as a Category 2 systemic cyber event.
Why This Matters to SMBs
While it’s easy to think that cybercriminals only target large corporations, the reality is that small and medium-sized businesses (SMBs) are often seen as easier targets. The same tactics used against M&S and Co-op - such as exploiting third-party services, phishing, and credential theft - are just as effective against smaller organisations, especially those without dedicated cybersecurity teams.
Key Lessons for Local Businesses
1. Cybersecurity is a Business Continuity Issue
The attacks forced M&S to shut down parts of its online operations, directly impacting revenue. For SMBs, even a few hours of downtime can be devastating. Ensuring you have a robust backup and disaster recovery plan is essential.
2. Third-Party Risk is Your Risk
The CMC noted that the ripple effects extended to suppliers, franchisees, and service providers. If your business relies on external IT vendors, cloud services, or software platforms, it’s vital to assess their security posture as part of your own.
3. Customer Trust is Fragile
Both retailers suffered data breaches involving personal customer information. For SMBs, a single breach can irreparably damage reputation. Implementing strong data protection practices and being transparent with customers about how their data is handled builds long-term trust.
4. Cyber Insurance Isn’t a Silver Bullet
M&S expects to offset some of the £300 million impact through insurance and cost management. But insurance doesn’t cover everything - especially reputational damage or lost business. Prevention remains the best defence.
How We Can Help
At Telanova, we believe in proactively powering organisations with the best and most practical technology. That means:
- Future-Focused Security: We stay on top of the latest threats and tools to keep your systems secure.
- Proactive Monitoring: We identify and mitigate risks before they become problems.
- Engaged Support: We work closely with you, becoming part of your team - not just a service provider.
- Quality-Driven Solutions: We implement best-in-class security practices tailored to your business.
The M&S and Co-op attacks are a wake-up call for all UK businesses. Cybersecurity isn’t just an IT issue - it’s a business-critical priority. If you’re unsure where to start, we’re here to help.
Frequently Asked Questions (FAQs)
Why should a small business worry about ransomware attacks on large retailers?
Because the same tactics used against large corporations are often deployed against smaller businesses, which are typically less protected and more vulnerable.
How does ransomware impact business continuity?
Ransomware can halt your operations entirely - disrupting sales, customer communications, and internal workflows - resulting in severe financial and reputational damage.
What is third-party cyber risk?
It refers to the vulnerabilities introduced by your vendors, software providers, or IT support teams. If they’re breached, it can affect your business too.
Can cyber insurance fully protect me?
Not always. It may cover some costs, but not the reputational harm or loss of customer trust. Prevention and strong security practices are crucial.
What steps can I take now to protect my business?
Implement strong password policies, enable MFA, regularly back up your data, train your staff on phishing risks, and work with a trusted IT partner like Telanova.
Want to Strengthen Your Cybersecurity Before It’s Too Late?
Whether you're managing IT for a small local business or want to improve your current security setup, we’re here to help. At Telanova, we support businesses across Ascot, Bracknell, Wokingham, Reading and throughout Berkshire with practical, proactive cybersecurity solutions.
Learn more about our IT services or give us a call on 01344 989 530 to see how we can secure your business against modern threats.
