The recent cyber attacks on Marks & Spencer and the Co-op have exposed a critical weakness in the UK retail sector-one that goes far beyond firewalls and antivirus software. These incidents weren’t simply IT failures; they were the result of outdated assumptions about how modern digital infrastructure should be secured.

From a platform engineering perspective, these attacks offer a stark reminder that cybersecurity must be embedded into every layer of the technology stack by default, by policy, and by design.