Retail crime is escalating. In under a month, three globally recognized retailers — Co-op, Harrods, and Marks & Spencer — were hit with crippling cyberattacks. Systems were breached, store operations disrupted, and customer data put at risk. In some cases, the only reason core operations were recovered at all was thanks to outdated offline backups, not modern preparedness.
That's not resilience. That's luck.
Now, the same threat actors are targeting North America, and Canadian retailers should take note. These aren't one-off opportunistic hacks. They're coordinated, strategic attacks designed to cause maximum disruption across retail ecosystems. And increasingly, attackers are exploiting the most vulnerable parts of a retailer's operation: third-party vendors and supply chains.
Retailers who haven't experienced a breach yet aren't invincible. They're overdue.
It Doesn't Just Hit Tech. It Hits the Business.
Cyber incidents don't politely stay within IT. They spill into every part of the operation, paralyzing point-of-sale systems, freezing online platforms, derailing supply chains, and damaging the one thing retailers can't afford to lose: customer trust.
Globally, cybercrime is costing retailers more than $100 billion a year. The M&S breach alone is projected to cost $43 million in weekly lost revenue. The Home Depot breach in North America? An estimated $63 million. And that's just the starting point. It doesn't account for lost loyalty, declining share of wallet, or the uphill battle to rebuild a brand that customers no longer feel confident in.
The cost of a breach isn't just financial. It's operational, reputational, and long-lasting.
Assume the Attack Will Happen. Then Plan to Recover.
Too many retailers still operate under the assumption that their systems are secure enough or that their size makes them an unlikely target. But the mindset needs to shift to not if a cyberattack happens, but when.
This is where a strong Disaster Recovery (DR) and Business Continuity (BC) plan becomes critical. A plan that hasn't been updated or tested under real-world conditions might as well not exist. Retailers need a DR/BC strategy that's not only modern but also tightly aligned to the specific needs of the business, not just best practices from five years ago.
What Effective DR/BCP Looks Like Today
1. Business-Driven RPO + RTO
Too often, recovery point objectives (RPOs) and recovery time objectives (RTOs) are built around legacy IT benchmarks instead of what the business needs. Can your systems be restored quickly enough to prevent downtime at peak sales times? Can data be recovered fast enough to keep logistics moving? If the plan doesn't answer those questions, it isn't built for reality.
Thoughtful assessment is key. Organizations are increasingly turning to outside experts to validate whether their recovery objectives align with business priorities.
2. Secure, Tested Backups
A backup strategy is only useful if the data is intact, accessible, and restorable. That means regular automated backups, stored in secure off-site or cloud environments, with encryption as the default — not the afterthought. And just as importantly, they need to be tested.
At Compugen, we often begin by assessing how fast your existing backup environment can restore critical data. It's a small shift in thinking that can make a big difference in the moment that counts.
3. A Practical Incident Response Plan
Every minute matters in a cyber event. Your team should know exactly who to contact, how to escalate, and where systems will be restored. That includes communication with internal teams, customers, suppliers, and partners. A well-documented and rehearsed plan can mean the difference between a setback and a shutdown.
Supporting organizations through plan design is becoming a must. Integrating Disaster Recovery as a Service (DRaaS) can also reduce complexity — especially in hybrid environments.
4. Regular Training + Simulation
Even the best plan falls apart if people don't know how to follow it. Employees at every level need to understand their role in preventing, reporting, and responding to threats. That includes hands-on simulation exercises that stress-test readiness and expose gaps.
More organizations are now running tabletop and red-vs-blue scenarios, both internally and with partners like Compugen. These aren't check-the-box exercises. They help shift the organization from reactive to resilient.
5. Third-Party Risk Management
Many breaches begin with a supplier. If your partners aren't serious about cybersecurity, their risks become your risks. Vetting vendor practices, requiring aligned response plans, and ensuring access controls are tight are all non-negotiable now.
This is still one of the most overlooked parts of retail resilience. Outside assessments can help close gaps that internal teams may not even see.
6. Ongoing Improvement
Cyber threats evolve constantly, and your DR/BC plans should too. Build in regular reviews. Use both simulation exercises and real incidents as learning tools. A static plan is a vulnerable one.
Whether done internally or with the support of a partner like Compugen, continuous feedback and improvement make the difference between theory and actual preparedness.
Resilience is the New Retail Requirement
After financial services, retail is the second-most targeted industry for cybercrime. That's no surprise given how much of the sector has gone digital — from payments to loyalty programs to often complex integrations between in-store and ecommerce systems. With that transformation comes risk as these systems tend to rely on a hacker's favourite target: third-party systems. The stakes have never been higher.
Retailers can't afford to rely on assumptions, outdated plans, or a bit of good fortune. Whether the next attack is a headline-maker or a quieter disruption, the mission is the same: protect customer trust, keep operations moving, and recover with confidence.
Resilience isn't a checkbox. It's a business requirement.
Connect with us to start the conversation.
If you haven’t tested your Disaster Recovery or Business Continuity plans this year, you may not have one that works. Compugen can help assess where you are today — and what it will take to be ready for whatever comes next.
.png)