IT Brief UK - Technology news for CIOs & IT decision-makers

UK unveils £16 million plan to boost retail cyber defences

Today

The UK Government has announced a set of new cybersecurity measures aimed at bolstering the defences of the retail sector, following a significant uptick in cyber attacks targeting retailers. The move comes in the wake of high-profile data breaches, including those affecting luxury brands such as Dior, underscoring the vulnerability of retailers to digital threats and the wide-reaching consequences such incidents can provoke.

Among the measures is a £16 million package of support, alongside boosted funding for the CHERI project, which focuses on making computer hardware more secure against cyber threats. Also central to the initiative is the introduction of a new software security code of practice. This code sets out the government's expectations for any organisation developing or selling software, outlining fundamental steps to ensure products are robustly protected against compromise.

Andy Norton, European Cyber Risk Officer at Armis, commented on the government's response and the broader challenge facing retailers. "These incidents highlight the increasingly high stakes in retail - a sector where even brief disruptions can lead to empty shelves, trigger panic buying, and cause wider supply chain issues," Norton said. He emphasised that the complexity of modern retail operations—with sprawling digital supply chains, large quantities of customer data, and the market expectation of continuous operation—makes the sector an appealing target for cybercriminals.

Statistics from the past six months are telling. "41% of retailers have seen an increase in threat activity over the last six months—and these threat actors will not be slowing down anytime soon," Norton noted. He argued for a more proactive approach to cybersecurity, recommending that retailers fully map out and understand their digital attack surface. According to industry surveys, 79% of global IT decision-makers in retail have identified the adoption of proactive cybersecurity postures as a top goal for next year. "Retailers who take this approach, using AI to their advantage, will be well-positioned to defend against attacks, before they materialise," Norton added.

Recent breaches have had international ramifications. The Dior data breach, for instance, resulted in unauthorised access to customer data in China and Korea, highlighting how cyber incidents can rapidly transcend national borders and affect individuals worldwide. Commenting on the Dior incident, Matt Hull, global head of Threat Intelligence at NCC Group, said, "The cyber attack on Dior has understandably raised eyebrows, particularly following a spate of similar incidents across the retail sector. For consumers who regularly shop online and trust brands with their data, this is yet another reminder that cyber threats are a persistent part of our digital reality."

Hull stressed the importance of shifting focus from simply trying to prevent attacks to building cyber resilience—the ability to respond to and recover from incidents while maintaining customer trust. "Rather than asking 'who's next?', the focus should now shift to 'how prepared are we to bounce back when something does go wrong?'. Cyber resilience isn't just about preventing attacks—it's about how well a business can respond, recover, and keep earning the trust of its customers," he said.

The rise in cyber attacks on global brands underscores the complex nature of modern supply chains and IT ecosystems, which provide fertile ground for threat actors to exploit vulnerabilities. Hull further underlined that customers themselves must exercise caution after breaches, as the risk of scams and identity theft increases. According to Hull, "A little caution goes a long way."

The government's new code of practice and funding increases aim to create a higher baseline of security across the software supply chain. However, industry experts argue that only a holistic approach—one which combines better technology, clear processes, consistent vigilance, and public awareness—will enable both businesses and consumers to withstand the evolving landscape of digital threats.
