Due to the recent wave of cyberattacks on stores including M&S, Co-op, and Harrods, 66 per cent of UK consumers are now reconsidering where and how they spend their money online. This is based on new data from Opinium, a global research and insights agency that surveyed 2,000 adults in the UK who are 18 years of age or older online between 23rd May and 27th May 2025.
Nearly a quarter of customers (23 per cent) now plan to only purchase online with brands they fully trust, and 22 per cent would only shop with brands they believe have great security, according to the study.
More than half (55 per cent) of consumers now worry that their personal data has already been compromised in a breach as a result of the cyber crisis, which has severely damaged consumer confidence.
Furthermore, 9 per cent are temporarily avoiding internet purchasing, and 15 per cent now anticipate doing so less regularly. Others are taking precautions to keep themselves safe, as one in five people (19 per cent) change their passwords before making another purchase, and 12 per cent delete their previous accounts with online merchants.
Around, 33 per cent of respondents believe that shops bear the primary responsibility for protecting customers online, while 32 per cent believe that cyber security or IT companies bear the primary obligation. While 4 per cent believe that consumers are primarily responsible, others place blame on the government (13 per cent) and the police (5 per cent).
According to Opinium’s data, customers are growing more cautious about cyberattacks and their possible consequences. Cyberattacks are now viewed by over three-quarters (73 per cent) of UK customers as one of the largest hazards they face. Of those surveyed, 82 per cent think businesses should do more to secure their data, and 78 per cent think they should be more open about how they do so.
Over the Easter holiday weekend, M&S experienced issues when customers complained that they couldn’t utilise click-and-collect or contactless payments. The retailer then acknowledged on 13th May that the cyberattack had resulted in the theft of confidential customer data.
M&S emphasised that the information was not thought to have been shared online and did not contain account passwords or payment or card information. Co-op was also the target of a cyberattack on 30th April and is still dealing with the consequences. A cyberattack attempt on Harrods on 1st May quickly followed.
