Weeks after Marks & Spencer and Co-op were hit by ransomware, the headlines have faded, but the fallout hasn’t. M&S still can’t take online orders. Co-op’s shelves just started filling back up. And while the industry waits for postmortems and platitudes, something more interesting is playing out in the background.
We’re watching a systems failure. Not just technical. Not just operational. Philosophical.
The Illusion of Recovery Time
There’s a belief that recovery from a cyber event should be a matter of hours or days. A misconfigured server. A fixable breach. A reboot and an email apology.
But the 2025 M&S and Co-op cyber attacks show that some incidents don’t go away quietly. These were retail nervous systems, disrupted across identity management, payments, logistics, customer engagement, and physical operations.
It’s hard to reboot a company when the company itself is the code.
Scattered Spider Attacked Trust
This particular group – Scattered Spider – didn’t break in through a zero-day exploit. They tricked humans. Impersonated help desk workers. Used SIM swapping to hijack phone numbers and gain internal access. It was a low-tech, high-sophistication breach. And it worked.
In this case, the systems were not missing. But the systems were stitched together by fallible assumptions: that internal staff can’t be spoofed, that Active Directory is invisible, that real humans always detect fake ones.
These attacks exposed the fragility of organizational belief.
Why Recovery Feels So Slow
We often say “we’re working around the clock” as a sign of action. But when recovery drags on for weeks, the narrative shifts. People start to wonder: Are they hiding something? Are they really in control?
The truth is more mundane, and more uncomfortable. The systems were never built for graceful failure.
Disruption reveals what resilience conceals. In this case: complex interdependencies, brittle integrations, and a culture that prioritizes uptime over understanding.
A Lesson in Systems Thinking
The M&S and Co-op cyber incidents are stories about complexity. About how the decisions we make in the name of convenience – we know them as single sign-on, self-checkout apps, connected supply chains – create single points of failure we only recognize in hindsight.
Cyber is just the flashpoint. The deeper risk is thinking you’re immune because you invested in tech, while ignoring the habits, incentives, and blind spots that actually shape how systems perform under stress.
What if You Could Practice a Breach Like This… Before It Hit the Front Page?
M&S didn’t fall because of a lack of investment. Co-op didn’t get breached because it ignored cyber risk. These were sophisticated organizations. The issue wasn’t awareness. It was preparedness under pressure.
Most companies run tabletop exercises that assume rational actors, clean handoffs, and perfect information. But real breaches are messy. Fast. Confusing. Noisy. And the failure point is often human, not technical.
iluminr helps organizations rehearse chaos on purpose.
With short, sharp Microsimulations and dynamic playbooks, teams can practice what it feels like to get hit with ransomware at 3am, lose access to key systems, or watch misinformation spread faster than facts. Over time, this builds muscle memory – across IT, comms, and execs – so the first time you face disruption isn’t the real thing.
This isn’t resilience theater. It’s systems thinking in action.
At a time when one impersonated help desk ticket can collapse operations, the most prepared organizations are not the ones with the thickest crisis plan. They’re the ones who already felt it break, and know exactly what to do next.