This past year, we have seen numerous luxury retail brands that have been targeted for cyber-attacks. Kering, the parent company of luxury brands Balenciaga, Gucci and Alexander McQueen, has recently joined the growing list of companies that have fallen victim to a cyber-attack.
According to the UK Government’s Cyber Security Breaches Survey[1], the percentage of UK businesses reported at least one cyber-crime in the past 12 months has decreased from 22% in 2024 (approximately 1.2 million businesses) to 20% in 2025 (approximately 1.1 million businesses). Even though the percentage appears to have declined, cyber incidents remain a persistent threat in the UK.
In this article, we explore the key takeaways for the luxury retail industry, and the practical measures businesses can take in defence of cybersecurity incidents.
Cyber Threat Trajectories
Cybercriminals are shifting their focus from traditional retail industry to the luxury retail industry, because of the high-net-worth customer data they hold. Personal information such as contact details, purchase histories, bank details and spending capacities can be weaponised for other cybercrimes, including phishing campaigns and deepfake frauds.
It is worth noting that cybersecurity breaches can have a rippling effect on the wider industry and its supply chains. To illustrate, Jaguar Land Rover’s (JLR) recent data breach has brought car productions to a halt, due to an IT outage. The consequences for its suppliers are equally as severe, as they struggle to stay afloat amid disrupted cash flow. Thousands of employees are also at risk of job losses. The financial, operational and reputational impact a data breach can have is evidently far-reaching.
This incident highlights that no organisation, regardless of its prestige and exclusivity, is immune from cyber-attacks, given the substantial volume of personal data held in today’s digital world.
Future-Proofing Your Business
Cyber threats continue to evolve in both complexity and scope, with the nature of attacks and sectors targeted varying over time. However, the underlying vulnerabilities often share commonalities, and the measures businesses can adopt are broadly similar.
To prevent from cybersecurity threats, we recommend implementing the following measures:
1. Implement a crisis response plan
Have a well-tested disaster recovery plan with defined roles, so that incidents are escalated and handled promptly. This includes containment of the breach, compliance with any reporting obligations to the Information Commission (IC), and maintaining transparent communications with the affected individuals.
2. Supplier and third party risk management
If your organisation relies on third party suppliers to operate, it is crucial to ensure that their processing activities meet the legal requirements. Auditing third parties or enforcing contractual cybersecurity obligations are effective ways to minimise exposure to vulnerabilities.
3. Undertake data protection training
Regular data protection training can increase employees’ awareness of data protection requirements and equip them with relevant knowledge and skills to respond to cybersecurity incidents.
4. Regular software updates
Outdated software can serve as an entry point for hackers to exploit systems. All operating systems, cybersecurity software and other applications should be consistently reviewed and kept up to date with the latest security standards.
5. Ongoing security monitoring
Adopt a proactive approach by continuously monitoring your systems for unusual or suspicious activities arising from network traffic, user behaviours and system access. Early detection and remediation can reduce the impact of data breaches.
The data breaches of luxury retail brands have demonstrated how a cyberattack can turn an isolated IT issue to a full-scale business crisis. As cyber criminals become more opportunistic and sophisticated, data protection must be taken as an ongoing priority.
Please do contact our Data Protection team on dataprotection@stephens-scown.co.uk if you require assistance.
[1] UK Gov, Cyber Security Breaches Survey 2025 – Cyber security breaches survey 2025 – GOV.UK