Co-op's CEO has just confirmed that their cybersecurity disaster cost £80 million. The attackers? Teenagers are using basic social engineering. In this Hot Takes episode, we break down how "We've contained the incident" turned into an £80 million earnings wipeout, and why the final bill could reach £400-500 million once legal claims are settled.

This isn't just another breach story - it's a wake-up call for every UK business owner who thinks "it won't happen to us."

Key Topics Covered

The Attack Breakdown [0:30 ]

• April 2024 attack by the Scattered Spider group


• Social engineering, not sophisticated exploits


• 6.5 million members affected (100% of Co-op members)


• 2,300 stores disrupted, 800 funeral homes on paper systems

The Real Cost [1:45 ]

• £80 million confirmed earnings impact


• £206 million total sales impact


• £20 million in direct incident costs


• Zero cyber insurance coverage

Why It Could Get Much Worse [2:30 ]

• Pending ICO fine: £15-20 million likely


• Individual GDPR compensation claims: £25-£150 per person


• Potential £325 million member compensation exposure


• Final bill estimate: £400-500 million

Lessons for UK Small Businesses [3:15 ]

• Social engineering beats technical defences


• Cyber insurance is essential, not optional


• Business continuity failures amplify costs


• Training matters more than firewalls

Key Statistics

• £80 million - Confirmed earnings impact


• 6.5 million - Customers affected (every single member)


• £12 - Cost per affected customer (low by UK standards)


• £325 million - Potential member compensation exposure


• 17-20 years old - Age of arrested suspects


• 2,300+ - Stores affected by operational disruption

Resources & Links

Full Analysis:

Read the complete breakdown: Link 

Key Sources Cited:

• ICO Statement on Retail Cyber Incidents


• Computer Weekly: Co-op breach coverage


• Insurance Insider: Co-op's lack of cyber coverage


• UK Government Cyber Security Breaches Survey 2025

Action Items for Listeners

1. Check your cyber insurance policy - Do you have coverage? Is it adequate?


2. Review employee training - When was the last time your team received social engineering awareness training?


3. Test business continuity - Can your operations survive 2 weeks offline?


4. Read the full blog post - Get all the details and cost breakdowns

Quote of the Episode

"Co-op's disaster isn't a cybersecurity failure. It's a business leadership failure. And if you're listening to this thinking your business is different, you're next."