A single cyberattack will cost the UK’s Co-op Group an estimated £120 million in lost profit this year—and it all started with a simple impersonation.

The breach occurred in April 2025, when attackers gained access to Co-op systems using social engineering tactics—impersonating a colleague to hijack credentials.

The company responded quickly, shutting down systems to contain the breach. But the operational damage was severe:

-£206 million drop in revenue in the first half of the year
-£80 million profit loss in H1 alone
-An estimated £120 million total profit hit for 2025
-Food availability was disrupted. Legal, insurance, and funeral service operations were also impacted.

Finance leadership confirmed the company had limited cyber insurance, covering only some front-end tech response—not revenue losses or long-term business impact.

The second half of the year includes £40 million in cyber resilience investments as part of a broader recovery and risk hardening effort.

This wasn’t a ransomware event. There was no mention of data theft. This was a disruption attack—and it worked.

The scale of the damage proves a point the cybersecurity industry has made for years:

It’s not always about data exfiltration. Sometimes, attackers win just by stopping the machine. For everyone watching from the outside, here are the hard truths:

-Social engineering still bypasses technology.
-Disruption costs more than most companies are insured for.
-When critical systems go down, revenue goes with them.
-The food sector, like healthcare and logistics, has zero tolerance for downtime.

This is no longer a theoretical risk. It's a financial line item—and in this case, a nine-figure one. If your board still sees cybersecurity as an IT problem, point them to this case. It’s a business operations crisis—with a clear cost.

#CyberSecurity #BusinessContinuity #CoopGroup #CyberAttack #SocialEngineering #IncidentResponse #OperationalRisk #CyberInsurance #DigitalResilience #RevenueLoss #RetailCybersecurity #SupplyChainSecurity #InfosecLeadership #RiskManagement

A single cyberattack will cost the UK’s Co-op Group an estimated £120 million in lost profit this year—and it all started with a simple impersonation.