Skip to main content Skip to footer

Beyond the breach

The human cost of cyber recovery


Author

Natalie Fresen


Last night, I popped into my local Co-op by the beach. The sun was shining... time for a walk and ideally, an ice cream. But the freezer was empty.

In fact, most of the shelves were. It was a sobering flashback to the early days of the pandemic; eerily quiet stores, gaps on shelves and that odd sense of disorientation.

But this time, the cause wasn’t a virus. It was a cyberattack.

Co-op, M&S, and Harrods are the latest major retailers hit by serious digital breaches. We’ve seen the headlines. We’ve seen the impact, from failed contactless payments to stock outages and websites gone dark. But what we don’t often see is the sheer scale of work happening behind the scenes. The invisible labour of recovery.

And it is labour. Complex, cross-functional, people-powered work. The kind that rarely gets the recognition it deserves.

A costly disruption

An analyst estimate suggests the M&S cyberattack is costing the business around £43 million a week in lost sales. That’s a sharp rise from early projections and highlights the scale of the impact. It doesn’t include the longer-term cost of customer churn, security upgrades, or reputational repair. Some forecasts suggest total losses could exceed £100 million once all is accounted for.

Co-op’s physical store disruption – from frozen stock systems to widespread shelf gaps – is likely to run into millions too.

Across the UK, cyberattacks are now costing businesses £64 billion a year, according to industry analysts. This isn’t just an IT issue. It’s a significant and growing business risk.

The human engine of recovery

Cybersecurity may start in the server room, but its fallout stretches far beyond IT. It affects every function of a retail operation.

Procurement teams are chasing disrupted supply chains. Logistics staff are rerouting orders and restocking shelves manually. Customer service agents are absorbing frustration and confusion. Comms and marketing teams are rewriting updates, FAQs, alerts, and reassurance messages on the fly. Leadership teams are working into the night to coordinate a coherent response across dozens of channels and hundreds of colleagues.

Stuart Machin, CEO of M&S, described teams “working around the clock” and he meant it. Retail doesn’t pause for problems. The pressure to return to service is immense, and the people behind the scenes carry that weight.

Communication: the real lifeline

From a communications standpoint, most of the public focus has rightly been on external updates; explaining what’s happened, what data was compromised and how customers should respond. I think they've all done a stellar job.

But internal comms is just as vital. Arguably more so in the initial hours and days post-attack.

It’s the emergency scaffolding. Fast, clear, cross-functional communication that helps teams understand the situation, triage actions and stay aligned under pressure. Good internal comms prevents panic. Great internal comms enables coordinated recovery.

In crises like this, internal messaging becomes a lifeline and not just for practical information, but for morale, confidence and cohesion.

Transparency in action

Co-op was the first to publicly confirm the attack. They acknowledged disruption to store payments and stock deliveries and shared plans for improvement. They later confirmed a data breach involving current and former members. Personal details like names and contact information were accessed. They apologised and have continued to update customers.

M&S also acknowledged a cyber incident around the Easter weekend. The website and app were taken offline. They later confirmed that some customer data had been accessed. Names, contact details, dates of birth and order history. No payment details or passwords were stolen, but users have been asked to reset passwords as a precaution. M&S has communicated directly with customers and involved cybersecurity experts and the authorities.

Harrods took a more cautious tone. They confirmed attempts had been made to access their systems and restricted internet access internally as a safety measure. They reassured customers that stores and online shopping were still running. They haven’t confirmed whether any data was compromised.

Each retailer has approached their messaging slightly differently. But the common thread is clear. Transparency. Responsibility. Reassurance. All three were relatively quick to acknowledge the breach and offer guidance to customers. But what sits beneath those updates is a complex, coordinated effort between teams. And that’s where the real story lives.

What this means for business leaders

There are two big takeaways for boards, execs and operational teams alike.

Cybersecurity is no longer just an IT issue. It’s a fundamental business risk. Proactive investment in defence, detection, and disaster recovery is not optional. It’s a cost-saving, reputation-preserving necessity. Recovery is always more expensive than prevention.

People and communication are your first line of defence and your fastest path to recovery. From the moment an incident occurs, it’s human coordination that matters most. Clear internal communication, empowered teams, and cross-departmental trust determine how fast and effectively you bounce back.

Recovery is a team sport

Next time you see an empty fridge at your local supermarket, know that it’s not just a supply chain hiccup. It’s the visible edge of an invisible engine. Hundreds of people behind the scenes, working flat-out to recover, rebuild, and restore.

And that, more than anything, is the reminder we need. Technology may fail. But people are what bring it back online.