
A cyberattack can paralyze a company’s online sales for weeks


If a cyberattack manages to paralyze a company’s online sales, the economic and reputational consequences are very serious

In Lapland, they are already working flat out on Santa’s gifts. Believe it or not, there is one month to go until Black Friday and two until Christmas.

For many companies, these months are crucial from a commercial standpoint, as a significant portion of their sales is concentrated around November and December.

If we add to this the boom in online sales over the last five years, companies in sectors such as retail must focus not only on their commercial strategy but also on their cybersecurity strategy.

Why? A cyberattack can paralyze a company’s online sales for weeks.

While this situation is serious in itself, it can be even more damaging to a company’s finances if it occurs during the weeks when online sales are expected to be highest.

Below, we explain how a cyberattack can paralyze a company’s online sales and what companies can do to prevent cyberattacks against the retail sector from causing enormous economic and reputational damage.

1. Ransomware attacks, a plague that spreads thanks to the RaaS model

By now, even those unfamiliar with cybersecurity are likely aware of the concept of ransomware.

Unfortunately, ransomware attacks have grown exponentially in recent years, largely due to the emergence of Ransomware-as-a-Service groups that offer thousands of criminals, without specialized knowledge or resources, the ability to launch attacks against companies.

In many cases, successful ransomware attacks result in the theft of personal data from company customers, but do not affect their essential services and operations. However, in recent months, there have been security incidents that have affected the business continuity of retail companies and disrupted the operation of their e-commerce sites.

Just a few days ago, Muji, a Japanese retail company, had to close its online store due to a successful ransomware cyberattack against Askul, its e-commerce provider.

Before the online store was closed, consumers were unable to make purchases or view their order history through the Muji app.

This incident joins the long list of ransomware attacks suffered by large companies in the sector in 2025. The most serious of these, involving Marks & Spencer, meant that it was unable to sell clothing online for 46 days, just as the end of spring approached, when millions of Britons were buying their summer outfits.

To give an idea of the economic impact, it is estimated that online sales account for a third of M&S’s total clothing and homewares sales, and that consumers spend around £3.8 million every day on its website and apps.

2. Crashing e-commerce sites. RDDoS attacks are a threat during critical periods

Distributed denial-of-service (DDoS) attacks are not a new phenomenon. For years, malicious actors have been launching these types of attacks against companies and public administrations. To what end? To cause their online services to crash by exhausting their resources, so that servers cannot handle all the requests they receive.

In the field of e-commerce, DDoS attacks are particularly critical, especially at key times of the year such as Black Friday or Christmas.

Furthermore, through RDDoS attacks, malicious actors not only cause e-commerce sites to crash but also demand that companies pay a ransom, as in ransomware attacks, in exchange for halting their malicious operations.

3. Black Friday and Christmas: The perfect opportunity to extort e-commerce companies

The idea that a cyberattack could paralyze a company’s online sales during the last weeks of November and the month of December is not mere speculation.

During Black Friday 2024, the retail group Fourlis, which operates the Ikea franchise in countries on the eastern flank of the EU, such as Greece and Romania, suffered a security incident that caused Ikea’s e-commerce platform to crash in these countries.

This meant that consumers could only shop at Ikea in its physical stores, and there were also delays in processing purchases during this commercially important sales campaign.

Why are companies that sell their products through e-commerce an even more attractive target in the last months of the year? If a cyberattack can paralyze a company’s online sales during critical days or weeks, the chances of organizations agreeing to negotiate a ransom payment with criminals increase. Similarly, the amount that malicious actors can demand from the companies they extort is also a concern.

How should a security incident that affects online sales and demands a ransom payment be handled? Both law enforcement agencies and cybersecurity experts strongly recommend never paying a ransom after a cyberattack.

Therefore, once a security incident is detected, it is crucial to activate the incident response plan, allow the incident response team to orchestrate an effective response, and notify the relevant public authorities of the incident.


4. Large companies face millions in losses due to falling sales

£60 million. That is how Co-op, a British retail giant, has quantified its sales losses resulting from a cyberattack it suffered in April 2025. This figure illustrates the significant economic impact of a security incident affecting a company’s sales.

Beyond the losses resulting from sales that could not be made, we must not overlook the damage this causes to a company’s competitiveness.

For example, in the case of M&S, a study concluded that its direct competitors in the fashion sector benefited. Thus, while M&S’s sales declined, those of Next, Zara, and H&M rebounded.

Therefore, when a cyberattack paralyzes a company’s online sales, it not only results in direct and immediate economic losses, but it can also undermine the company’s market position in the medium to long term.

5. It’s not just the giants that are in the crosshairs. A cyberattack can paralyze the online sales of a small business

So far, we have talked about large companies and astronomical figures, but SMEs are also vulnerable to cyberattacks. In fact, some factors can increase their vulnerability to incidents:

  1. Lack of awareness. Many business owners believe that cyberattacks are only a concern for large companies and that cybercriminals do not attack SMEs.
  2. The lack of training for managers in cybersecurity means that effective security strategies are not designed and implemented.
  3. In many cases, no resources are allocated to cybersecurity, nor are cybersecurity services for SMEs contracted to ensure an optimal level of protection against attacks.
  4. Even if companies are aware of the issue, the resources they can invest in cybersecurity are more limited than those of large corporations.
  5. As a result, SMEs take an average of more than 200 days to detect a security incident, which increases the likelihood that malicious actors will spread throughout their technological infrastructure and cause more serious and difficult-to-resolve damage.
  6. Professionals working in small and medium-sized enterprises also have a low level of awareness and training in cybersecurity, making them more vulnerable to social engineering techniques.

What happens if a cyberattack paralyzes the online sales of a small or medium-sized business? The result of the incident will not translate into millions of dollars, but its economic, competitive, and reputational impact can be so severe that it causes the company to go bankrupt or interrupts its growth in the medium and long term.

6. Consumer confidence in online sales is declining due to security incidents

What large companies and SMEs that sell their products online have in common is that they are affected by the loss of consumer confidence.

A study conducted in the United Kingdom following security incidents suffered by companies such as M&S, Co-op, and Harrods reveals that a third of consumers between the ages of 16 and 44 are considering reducing their online purchases and returning to physical stores. Why?

These consumers place great importance on the user experience during the purchasing process, as well as on the security of their personal data, which can be affected by security incidents involving e-commerce.

Therefore, if consumers begin to realize the importance of security when shopping online, companies must urgently enhance their security measures.

A cyberattack can paralyze a company’s online sales, but it can also impact the broader sector by eroding consumer confidence in e-commerce.


7. What can be done to prevent incidents that affect a company’s online sales

To prevent a cyberattack from paralyzing a company’s online sales, the company needs to contract cybersecurity services to strengthen its resilience:

  1. Continuous web security auditing to detect vulnerabilities in, and attacks against, your e-commerce site at an early stage.
  2. Vulnerability management. Monitoring weaknesses in the technological infrastructure and having a mitigation plan in place that considers the potential impact on the business model is essential.
  3. Social engineering testing. As the M&S incident demonstrates, the source of many successful attacks is human error. In this case, a company professional responsible for M&S’s IT support was deceived by malicious actors who posed as a retail company employee and managed to have their access credentials to corporate systems restored. That is why it is essential to subject a company and its suppliers to social engineering tests to enhance their ability to counter these techniques.
  4. DoS tests. These simulate attacks in controlled environments to anticipate malicious actors and prepare the company’s infrastructure to withstand DDoS attacks.
  5. Penetration testing services. Advanced intrusion tests simulate real attacks to identify weaknesses that could be exploited, for example, to cause an e-commerce site to crash. Additionally, the experts who perform these tests compile a list of recommendations to address the weaknesses identified.
  6. Red Team. Large companies with a higher level of technological maturity and greater resources can periodically conduct ransomware simulations to assess how their defense mechanisms would respond to real attacks and optimize them before a real attack occurs.

8. Proactive incident response is critical when a security incident can disrupt online sales

What happens if a security incident cannot be prevented? It is essential to act quickly and effectively to prevent the cyberattack from paralyzing online sales or, at the very least, to limit its impact and return to normal in a matter of hours rather than weeks.

To do this, it is essential to have a proactive incident response service that has previously performed a wide range of tasks, such as:

  • Periodic readiness assessments to ensure that the response team is deployed immediately.
  • Recurring compromise assessments to detect malicious activity in the company’s infrastructure.
  • Incident drills to optimize incident response.
  • Threat analysis to identify malicious actors who could attack the company and prevent such attacks.
  • A comprehensive and up-to-date incident response plan to activate an effective response as quickly as possible.

Thanks to this preliminary work, it is possible to understand the incident, investigate it, identify the scope of the compromise, orchestrate tailored responses, expel the malicious actor, restore normality, and analyze what happened.

To what end? To prevent a security incident from having a major impact on a company, as happens when a cyberattack paralyzes a company’s online sales.

In short, numerous cases demonstrate that a cyberattack can paralyze a company’s online sales and result in significant economic, competitive, and reputational losses.

Therefore, companies marketing their products and services online must integrate their commercial strategy with their cybersecurity strategy to protect what has become an essential commercial channel.