The Co-operative Group’s disclosure of a £120 million (approximately €137 million) profit impact from a recent cyber-attack has placed retail cybersecurity firmly in the spotlight. After reporting an £80 million (approximately €92 million) first half hit and £206 million (approximately €236 million) in lost revenue, Co-op now expects its full-year profits to take a £120 million blow (Reuters, 2025).

Chief Finance Officer Rachel Izzard explained that while the company had “front-end” cyber insurance for incident response, its policies did not cover the “back-end” operational disruption and prolonged losses (The Guardian, 2025).

For retailers across the EU, this event underscores a fundamental truth: cyberattacks are no longer isolated IT problems. They are business events that can directly cut into trading profits, test customer trust, and trigger regulatory scrutiny.

Beyond IT: retail’s expanded cyber risk surface

The modern retail environment is uniquely exposed. Omnichannel models depend on:

• Point-of-sale systems and card readers in stores
• Mobile and web apps hosting customer data and loyalty points
• Cloud-based supply chain platforms linked to logistics partners
• Unified communications and contact centres handling sensitive customer interactions

Each of these touchpoints is a potential entry point for attackers. Nearly all Threat Trends reports warn that ransomware, phishing, and credential attacks remain dominant vectors, exploiting both technology gaps and human weaknesses. PwC’s 2025 Global Digital Trust Insights survey reinforces that many organisations still underinvest in resilience despite increasing executive awareness (PwC, 2025).

Insurance is not enough

The Co-op case underscores the limits of cyber insurance. Many policies cover forensic investigation, legal costs, and regulator-facing activities. Few compensate fully for:

• Lost trading revenue
• Supply chain delays and re-routing costs
• Reputational damage leading to churn
• Increased borrowing costs following weaker financials

Boards must embed resilience into their governance and crisis management, rather than assuming that financial offsets will cover prolonged losses.

A broader resilience playbook

For EU retailers, the Co-op’s experience raises urgent board-level questions:

• How quickly can we isolate an attack and restore POS or e-commerce platforms?
• Do we have offline runbooks for store staff to keep trading safely during outages?
• What resilience is built into our customer contact channels to manage inbound demand?
• How do we guarantee secure communications across a distributed workforce?
• Are our suppliers and logistics partners secured to the same standard?
• What elements of our cyber insurance policy would not activate after a disruptive incident?

How Damovo supports retail resilience

Damovo’s approach extends well beyond testing. Our portfolio combines consulting, technology integration, and managed services to build secure, resilient retail operations:

Cybersecurity services and equipment

• Penetration, red teaming, and purple team testing of e-commerce, POS, and APIs.
• Web and mobile application security assessments to protect customer-facing systems.
• Phishing training for frontline staff.
• Physical security testing for in-store devices.
• Provision of next-generation firewalls, endpoint protection, secure wireless, and intrusion detection equipment to harden retail IT estates.

Secure enterprise networking

• Design and deployment of resilient SD-WAN and secure Wi-Fi networks across retail estates.
• Segmentation to reduce lateral movement risks in POS and back-office systems.
• Continuous monitoring and performance management through managed network services.

Secure unified communications (UC) and contact centres (CC)

• Encrypted UC platforms ensuring secure collaboration between store teams, depots, and head office.
• Secure, compliant contact centre solutions protecting customer identity and payment details during voice or chat interactions.
• Cloud and hybrid UC/CC integration, delivering resilience through geo-redundancy and secure access.

Managed security services (MSS)

• 24/7 security monitoring and response delivered by skilled analysts.
• Proactive threat hunting to identify compromise attempts earlier.
• Continuous vulnerability management and patch oversight.
• Integrated reporting to align cyber posture with executive and board KPIs.

vCISO and governance

• Strategic advisory on cyber governance, compliance with NIS2 and GDPR, and insurance policy review.
• Development of detailed business continuity, disaster recovery, and incident response policies and playbooks.
• Board-level scenario exercises to stress-test resilience across trading, supply chain, and communications.

A strategic inflection point for EU retail

The Co-op’s £120 million loss is more than a financial headline. It is a signal that retail must shift from reactive IT security to proactive resilience embedded across the enterprise. Cyber incidents disrupt operations, test supply chains, and damage customer trust.

Damovo’s integrated portfolio enables retailers to secure their networks, communications, customer engagement platforms, and core IT systems, while also strengthening governance and monitoring. By combining equipment, consulting, managed services, and secure UC/CC, Damovo helps retailers avoid becoming the next cautionary case study.