Fashion Under Fire: How Can Retail Fend Off Cyber Attacks?
- nicolaferraritest
- May 21
Updated: Jul 11
May 2025, Daryl Flack, Co-founder and Partner
Published on: Vogue Business
The potential cost of cyber attacks on a fashion retail business was laid bare this week. On Wednesday, British company Marks & Spencer (M&S) revealed that a recent ransomware incident, which forced it to temporarily suspend online trading, would cost it an estimated £300 million in the 2025/26 financial year.
“Over the last few weeks, we have been managing a highly sophisticated and targeted cyber attack, which has led to a limited period of disruption. We have tackled this head-on with incredible spirit, teamwork and a deep sense of responsibility as we prioritised serving our customers,” said M&S chief executive Stuart Machin in a statement on Wednesday. The company said it expects the online disruption to continue throughout June and into July. A statement on its website discloses that some personal customer data has been taken, but there is “no evidence that this data has been shared and it does not include usable card or payment details, or account passwords”.
M&S is not the only fashion business to have been targeted in recent weeks. Last week, Dior confirmed it had been struck by a cyber attack. In a statement to Vogue Business, a Dior spokesperson said: “Dior recently discovered that an unauthorised external party accessed some of the customer data we hold. We immediately took steps to contain this incident. The teams at Dior, supported by leading cybersecurity experts, continue to investigate and respond to the incident. We are notifying all the relevant regulatory authorities.” Dior emphasised that no financial information was contained in the database that was accessed.
“We are in the process of informing customers where necessary. The confidentiality and security of our customer data is an absolute priority for the house of Dior. We deeply regret any concern or inconvenience this matter may cause our customers,” the spokesperson added.
While the origin of the hack is not confirmed, a group of self-described cybercriminals, which calls itself DragonForce, has told the BBC it was behind the attack at M&S. The same group also claimed to the BBC that it was behind another attempted hack at Harrods earlier this month. Harrods told Vogue Business it does not believe any customer data was accessed in the incident. “As of today, based on the ongoing assessments of both external cyber experts and internal security specialists, it remains the case that we have not seen any evidence of data exfiltration relating to Harrods customers and are therefore not asking our customers to do anything differently at this point,” said a spokesperson. DragonForce has not claimed any ties to the Dior incident.
Retail is emerging as a prime target for hackers, says Anton Yunussov, head of cyber security at professional services firm Forvis Mazars. “It all goes back to reliance on digital systems, omnichannel and also the large volumes of personal data that retailers hold,” he says. “These make them a valuable target to cyber attackers.”
The impact of cyber incidents can be significant, adds Yunussov. Not only is there the operational impact of core systems being compromised, but also the financial impact of suspended orders and empty shelves. Then, there is the reputational blow of hackers accessing customer data.
“The real risk is that attackers will leak or sell that data on the dark web, which will enable other attackers to target those individuals with more tailored phishing emails that’ll try to get them to compromise their personal accounts,” says Daryl Flack, cybersecurity expert and partner at IT security firm Avella.
Once retailers have recovered from the immediate aftermath of the incidents, “which can go on for weeks and even months”, they could face potential legal claims or regulatory fines, adds Flack. This is combined with “all of the money that you spent on those recovery operations, all of those third parties that you had to get in to help you, and any new systems that you had to buy from scratch or emergency software. You [may well] find that the balance sheet a year after an attack is much worse off than it was the year prior.”
How to safeguard against attacks
For retailers seeking to strengthen their cybersecurity in the face of what appears to be a growing threat, experts advise a suite of measures.
Preparation is the best way for the industry to fend off cyber attacks, says Neil Hare-Brown, CEO at cyber risk management company Storm Guidance. “There are not many retailers with tested cyber incident response plans. There’s a lack of investment in cybersecurity generally, and IT more fundamentally,” on top of a lax attitude around security and customer data from some companies, he adds.
Yunussov says multi-factor authentication is critical for all employees as well as third parties and contractors with access to IT networks — though not a failsafe. Employee training and awareness of how to spot phishing or impersonation attempts is another way to protect systems.
“Segment IT systems,” advises Flack, “then, if you do have an attack, rather than it spreading through all of your systems, it’s contained within a small area.” Retailers can even segment down to an individual device level, an approach Flack calls “zero trust”, which equips teams with only the access they need to carry out their specific roles. “That means if a criminal gets access, it’s harder for them to get administrative privileges.”
Ensure any identified security holes are patched up quickly, too, he adds. “Attackers will target organisations where they know that there are known vulnerabilities that haven’t been patched yet,” Flack explains. And invest in good backups. “They’re the things that save you if you’re under a ransomware attack. Once you’ve contained the breach and cleansed it all, you need to be able to restore from backup.” Use different technology for backups to the core IT system and make sure some are offline, he adds.
And finally: “Ensure you have access to a cyber incident response team on retainer or via a cyber insurer,” says Hare-Brown. “Have a cyber incident response plan and run immediate — and thereafter regular — cyber incident exercises to test it.”
That consistency of approach is key, says Venn. “The IT world is constantly evolving. There’s no point putting something in place today and thinking you’re protected. You’ve got to keep on top of it.”




