The recent wave of cyberattacks on major UK retailers, including Marks & Spencer, Co-Op and Harrods, is a stark warning to the ecommerce industry. Reports suggest M & S is expecting to lose £ 300 million in sales and see disruption until July, which is a reminder that the damage can go well beyond immediate financial loss. It can take months or even years to rebuild customer trust and operational stability.

Retailers are prime targets because of the volume of identity and payment data, as well as other PII( Personally Identifiable Information) they hold. This data, which includes contact details, dates of birth, and other sensitive identifiers, is likely being sold to

Overly cautious fraud systems risk rejecting loyal shoppers and damaging the customer experience, which creates a different kind of loss.

fraudsters who will use it to carry out phishing attacks and attempt fraud across other retailers for immediate fraud, but also to test the waters through account takeover, credential-stuffing attacks and sleeper accounts that mimic legitimate customers before being exploited at scale.

This is not a risk limited to high-profile brands. Any ecommerce business holding customer data could be targeted. Monitoring for unusual behaviour among existing users is essential, along with strengthening authentication measures. Often, just one set of compromised credentials is enough to put internal systems at risk. Encouraging password resets, promoting strong and unique passwords, and enabling two-factor authentication are all sensible preventative steps.

As attacks become more targeted and sophisticated, ecommerce businesses need to think beyond firewalls. Attackers are increasingly using bots and automated tools to test stolen credentials and launch attacks at scale. Detection systems must be capable of adapting in real time to keep pace. Resilience built into digital infrastructure is the strongest defence against these attacks. That includes putting in place robust fraud and abuse detection systems, not just to block threats but to keep trusted customers moving through. Being able to recognise legitimate customers in real time, stop bad actors without disrupting the experience, and maintain continuity under pressure is now essential.

Overly cautious fraud systems risk rejecting loyal shoppers and damaging the customer experience, which creates a different kind of loss. This is where network-based intelligence becomes critical. Manual review teams should be kept informed of the latest fraud tactics linked to data breaches, while machine learning systems must be continuously optimised to detect changing patterns. By tapping into real-time signals from a global network of merchants, retailers can detect threats early, adapt quickly and protect both revenue and reputation.

Looking ahead, retailers who take action now and invest in digital resilience will be far better equipped to not only minimise the fallout from future attacks and protect both their customers and their business in the months ahead, but gain a competitive advantage by delivering secure, seamless experiences when it matters most.

32 INTELLIGENTCIO EUROPE www. intelligentcio. com

Intelligent CIO Europe Issue 91 | Page 32