The Next Cyber Workforce: The UK High Street Attacks Show Companies Are Missing More Than Just IT Skills
Work News | New Stardom
When ransomware attacks disrupted Co-op’s ordering systems and exposed customer data at Marks & Spencer in May, the immediate fallout was visible on shop floors across the UK. Beyond the operational disruptions, the attacks revealed a deeper vulnerability inside these companies.
Photo by Malgorzata Bujalska
In interviews after the incidents, employees at several retailers described chaotic first responses, with little clear guidance from head offices. For cybersecurity analysts, the pattern is familiar. Despite years of investment in firewalls, insurance policies, and digital infrastructure, many companies remain structurally unprepared to respond to large-scale cyber incidents. That is not only because of technology, but because they lack the people and skills to manage them from the inside.
These incidents highlighted gaps not only in organizational processes but also in specialist cybersecurity roles, which many companies struggled to fill during the crisis. We explore the most in-demand cybersecurity jobs and skills in 2025, and why these gaps remain a pressing challenge for businesses.
That shortage runs in two directions. First, there’s the acute and well-documented gap in specialist cybersecurity professionals. The UK’s Cyber Security Breaches Survey 2025 found that while most large businesses now rate cybersecurity as a priority, nearly half struggle to fill critical technical roles. This shortage has left even well-funded companies exposed to increasingly aggressive ransomware groups, whose tactics have evolved faster than many organizations’ capacity to defend against them.
But the attacks also exposed a second, less technical, and arguably more systemic, weakness: a workforce-wide lack of cyber awareness and resilience. While IT teams battled to restore systems, employees in logistics, customer service, and procurement were left improvising without protocols. The World Economic Forum noted that companies which recovered fastest were not necessarily those with the most advanced security systems, but those where teams across functions knew their roles, understood escalation pathways, and had practiced responding to disruptions.
Marks & Spencer faced significant disruptions to its online services and later confirmed that customer data had been compromised. Co-op experienced supply chain failures that left shelves empty in many locations, particularly in rural areas. Harrods, while avoiding severe disruptions to its stores, acknowledged attempted intrusions and responded by restricting internet access across its sites.
This organizational unpreparedness has pushed cybersecurity experts to argue for a broader definition of cyber skills, one that goes beyond coding or engineering, and includes risk literacy, incident communication, and decision-making under pressure. "Cybersecurity can't sit in a corner of the IT department anymore," says Dr. Louise Harmer, of Oxford University’s cybersecurity behavior group. "It has to be embedded into the way companies hire, train, and run their operations."
This is starting to reflect in hiring strategies. M&S and other retailers have advertised new roles aimed at bridging the gap between digital risk and daily operations, positions like cyber resilience coordinators, crisis response managers, and supply chain risk leads. These roles prioritize cross-functional skills, combining knowledge of logistics, compliance, and vendor management with cyber incident readiness.
Still, these changes are playing catch-up. As the attacks on the UK’s high street chains showed, the workforce companies had in place was not the workforce the moment demanded. Companies will need to invest in both tracks, hiring more cyber professionals to build and defend systems, and preparing the rest of their staff to recognize, respond to, and operate effectively during digital crises.
Cybersecurity isn’t only about preventing breaches anymore. It’s about ensuring that when they happen, and experts agree they will, the entire organization knows how to respond. At New Stardom, we cover the cybersecurity stories shaping work and business. Stay on top of the latest threats, skills gaps, and workplace risks by following us.
If you liked this story, subscribe for The Monthly Roundup newsletter, cross-checked, and hand-curated by humans.
Have insights on work and the future of work? Submit an opinion piece to New Stardom. Love work and career books? Explore our fun workplace book collection.
New Stardom is an independent magazine covering the Future of Work, AI, and emerging job trends. Stay informed and explore more on New Stardom.
