Industry opinion

Why recent retail cyberattacks are stretching CIO’s scope

As cyber threats move ever closer to home, the CIO’s role now includes championing company-wide cyber practices and awareness, says Jon Bance, chief operating officer at Leading Resolutions.

Recent headlines have put the spotlight on an escalating cyber trend targeting the retail sector, and UK companies are being reminded that vulnerabilities can have a tangible impact on day-to-day operations. Harrods recently confirmed that it had “experienced attempts to gain unauthorised access” to its systems, prompting its IT security team to take immediate action. This follows the attack on Co-op’s IT system and the ongoing disruption at Marks & Spencer that has affected the supply chain and online orders.

From human error to the security policies of organisations’
service providers, these recent cyber incidents not only highlight the growing sophistication of threats targeting major retailers but also expose the web of risk that can be prevalent in every business’s IT ecosystem.

Marks & Spencer’s popular click-and-collect service will suffer a lengthy recovery process as it grapples with its system failure. The IT shutdown of Co-op has left empty shelves, which will undoubtedly affect revenue. The luxury department store Harrods has now joined a growing list of retailers experiencing attacks, serving as a cautionary tale. No matter how reputable or prestigious a brand is, no entity is immune to digital threats.

These damaging cyberattacks will become more common, and
I believe that CIOs must dedicate even more time and effort to reviewing their cyber controls and ensuring their systems are as robust as possible.

The scope of the CIO (chief information officer) is stretched more than ever, as they must address critical security and AI development amid worsening macroeconomics. However, malicious actors will exploit the cyber efforts that retailers are juggling with to infiltrate IT systems. Safeguarding against cyber-attacks must be a continuous, top-priority goal that the National Cyber Security Centre and Cabinet officials are now emphasising as a business priority.

Coordinated with C-suite functions, business leaders should prepare for the eventuality by developing a cyber strategy and adopting relevant tools. The temptation may be to pull all resources towards recovery, but it’s paramount for CIOs to take a strategic leadership role in guiding the business to invest where it matters, i.e. cybersecurity. This involves patch cycles and strengthening their reporting procedures and awareness training to prevent any security fallouts.

www.pcr-online.biz

In these fast-evolving times, Bance emphasises the benefits of
staying informed, whether it’s fixing vulnerabilities or updating the business’s cyber hygiene practices.

A brief check-up on your systems can go a long way in strengthening digital defences. The best approach is a proactive one, which involves regular audits, including increased vulnerability scans, review of firewall logs and rules, internal systems scan, updated software, and patch testing to ensure all crisis management strategies are supported. However, it’s not enough to have only layers of firewalls and unbreakable software - the best defence is educating the people in the business.

These cyber groups often exploit human error rather than
technical flaws, using tactics like phishing and impersonating IT staff to gain access. Remote and hybrid workers are prime targets for attackers, as they often operate without the protections of on-premise security controls. Therefore, retailers must invest in training their employees across the business, from the supply chain to both on-site and off-site workers.

Retailers may also rely on third-party vendors for various services; however, CIOs in the retail sector need to implement comprehensive risk management frameworks for these third-party services to mitigate potential threats.

The retail industry is one of the sectors that is highly dependent on suppliers for payment processing, customer support, raw material sourcing and much more, but are CIOs prepared to meet that risk with a business strategy across vendor ecosystems?

Regularly evaluating the security posture of third-party vendors through audits, performance reviews, and monitoring tools can help identify potential vulnerabilities. Collaborating with vendors to develop joint incident response plans can ensure swift, coordinated actions in the event of a breach. Better visibility into all these areas helps CIOs proactively handle risks that are otherwise overlooked due to complicated supply chain networks.

Cyber and business risk should be high up on a board meeting agenda; all C-suite representatives should have responsibility. CIOs must drive change within businesses from a reactive patchwork to proactive resilience through ongoing employee training and continuous investment in both technology and people, emerging stronger in both operations and reputation.
May/June 2025 | 15