In recent months, some of the UK’s most recognisable retail brands have seen their operations severely disrupted by sophisticated cyber attacks. Marks & Spencer reportedly lost an estimated £300 million (€346 million) in projected profits after a February ransomware incident forced stores to revert to manual, pen-and-paper processes. Around the same time, supply-chain platform attacks impacted Morrisons’ warehouse operations, and in April, the Co-op was forced to shut down parts of its systems in response to a threat that still led to data being stolen from over 6 million members. Even Harrods was named among the affected.
The scale and frequency of these events have prompted a fresh wave of scrutiny across the sector, not just around security controls but around operational resilience more broadly. As Triangle CTO Donal Byrne notes, the damage often extends well beyond the initial breach.
“The events this year with major retailers have, rightly, driven a particular focus on cyber recovery as a starting point, but the effects of gaps in resilience eventually cascade across the entire business.”
Retailers are now grappling with the reputational risks of visible disruption — empty shelves, closed tills, delayed orders — and the long-term impact those incidents can have on customer trust. “They didn’t have stock on shelves,” Byrne adds. “There is loyalty there, but surely that has an effect – a latent, or long-term effect.”
From cyber recovery to resilience
For many retailers, operational risk doesn’t begin with cyber attackers. It starts with the outdated systems still running critical functions behind the scenes. These platforms often persist because they work, but that mindset is shifting. As Triangle CTO Donal Byrne notes, “The ‘if it ain’t broke, don’t fix it’ mentality is a lot of what’s transforming.”
Retailers are now rethinking how their environments are architected — not just to recover from disruption, but to continue operating through it. That includes compartmentalising key applications, isolating point-of-sale systems, and building stores that can function independently if central systems go down. The goal is to protect the ability to trade — even mid-incident.
“Recovery is not resilience. They are related, and the ability to recover is necessary, but resilience is broader. The C-suite understands this more and more.”
As attacks increase and third-party dependencies multiply, operational resilience is becoming a business-wide concern. Retailers are recognising just how many entry points they must now manage — and why resilience needs to be led not just by IT, but with direct involvement from the CEO.
Designing for disruption
In response to rising threats, retailers are re-architecting their environments to contain risk and limit exposure. That means decoupling critical systems, inserting layers between ecommerce and backend operations, and controlling how and where data moves across the business. As Donal Byrne puts it, “You don’t hook up e-commerce straight through to your back-end; you create a gap or a bridge and move data that way.”
This technical shift is underpinned by a broader mindset change: resilience is no longer a contingency, it’s a design principle. The smartest retailers are planning for disruption as a certainty, not a possibility, and treating every layer of their digital estate as a potential point of failure, including customer-facing services.
“Businesses need to assume they are going to be attacked.”
Ultimately, resilience is no longer just about cybersecurity. It’s about protecting the continuity of service, trust, and trade in an increasingly connected and complex retail environment.
The original article, with more from Donal Byrne, appeared in the Business Post.