Top Tips: Turning headlines into cyber lessons
Recent headlines show how no industry, brand, or government agency is immune to cyber threats.

Each cybersecurity incident holds important lessons.
Below, we turn real breaches into actionable guidance to help you fortify your defences and respond with resilience.
Lesson from Peter Green Chilled: Know your operational vulnerabilities
When ransomware hit chilled logistics firm Peter Green, the fallout rippled through UK supermarkets. Order processing was halted, stock spoiled, and small suppliers suffered major losses.
Tip: Identify mission-critical systems – such as logistics, inventory or customer portals – and ensure they’re part of a tested incident response and recovery plan. Regularly simulate cyber scenarios to see how your teams and systems respond under pressure.
Business continuity isn’t a luxury — it’s a lifeline.
Lesson from Adidas: Trust but verify third-party providers
Adidas found itself at the centre of a data breach caused not by its own systems, but by a vulnerability in a third-party customer service provider. Contact information was exposed, prompting customer concerns and reputational risk.
Tip: Conduct due diligence on all vendors—especially those handling customer data. Include cybersecurity performance requirements in contracts, demand breach notification timelines, and review their access to your systems regularly.
Don’t outsource risk without oversight.
Lesson from the Legal Aid Agency: Government breaches have human consequences
The breach at the Legal Aid Agency compromised over two million records containing personal and financial data, impacting some of society’s most vulnerable people. It forced a shutdown of key digital services.
Tip: Encrypt all sensitive data and apply the principle of least privilege to access controls. If you manage citizen or client data, create strict data classification policies and regularly assess where that data lives, who can access it, and how it’s secured.
Recovery plans should include public communication strategies and legal compliance responses.
Lesson from The North Face: Credential reuse remains a major threat
The North Face suffered a credential stuffing attack, where hackers used previously breached passwords to access user accounts. Purchase history, addresses, and contact details were among the exposed information.
Tip: Implement multi-factor authentication (MFA) across all systems, especially where customer logins are involved. Set thresholds for login attempts and use geolocation or device-based anomaly detection.
Regularly remind customers and staff not to reuse passwords, and consider deploying password-less authentication solutions over time.
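An added example (not from the original article) of the login-attempt thresholds suggested above: a per-account lockout counter misses credential stuffing, because each account sees only one or two attempts, while a per-source count of distinct accounts catches it. The log format, function names, and threshold values are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample():
    """Constructed log: (timestamp, source_ip, username, success)."""
    t0 = datetime(2025, 1, 1, 9, 0, 0)
    events = []
    # One source tries 8 different accounts once each; one login succeeds.
    for i in range(8):
        events.append((t0 + timedelta(seconds=20 * i), "203.0.113.7", f"user{i}", i == 5))
    # A legitimate user mistypes a password twice, then gets in.
    for i, ok in enumerate([False, False, True]):
        events.append((t0 + timedelta(seconds=30 * i), "198.51.100.4", "alice", ok))
    return sorted(events)

def accounts_over_lockout(events, max_failures=5):
    """Classic per-account threshold: accounts with more than max_failures failures."""
    fails = defaultdict(int)
    for _, _, user, ok in events:
        if not ok:
            fails[user] += 1
    return {u for u, n in fails.items() if n > max_failures}

def stuffing_sources(events, window=timedelta(minutes=10),
                     min_accounts=5, min_fail_ratio=0.7):
    """Per-source threshold: flag an IP that tries many distinct accounts,
    mostly failing, inside a sliding window.
    Returns {ip: accounts that IP successfully logged into}."""
    recent = defaultdict(deque)   # ip -> events still inside the window
    flagged = defaultdict(set)
    for ts, ip, user, ok in sorted(events):
        q = recent[ip]
        q.append((ts, user, ok))
        while ts - q[0][0] > window:
            q.popleft()
        users = {u for _, u, _ in q}
        fail_ratio = sum(1 for _, _, s in q if not s) / len(q)
        if len(users) >= min_accounts and fail_ratio >= min_fail_ratio:
            # A success from a flagged source is a likely account takeover:
            # these accounts need a forced password reset and session revocation.
            flagged[ip].update(u for _, u, s in q if s)
    return dict(flagged)

if __name__ == "__main__":
    log = build_sample()
    print("per-account lockouts:", accounts_over_lockout(log))
    print("stuffing sources:", stuffing_sources(log))
```

The same grouping works with a device fingerprint or network range as the key instead of a single IP, which matters when attempts are spread across many addresses.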
Lesson from Cartier: High-profile brands are bullseyes for cybercriminals
Luxury retailer Cartier confirmed a data breach involving personal details of VIP customers. While limited, the exposure of high-value customer data puts reputation, trust, and customer loyalty at risk.
Tip: Protect your most sensitive and strategic data—such as executive emails, VIP customer records, or proprietary designs—with elevated controls. This includes data masking, enhanced access logs, and tailored incident response playbooks.
The more valuable your data, the more it should be guarded like a crown jewel.
Cybersecurity starts with people, not just technology
Across every lesson, one theme stands out: cyberattacks exploit people, not just systems. Whether it’s a phishing email, a misconfigured server, or neglected vendor oversight, human decisions shape every breach.
Tip: Embed cybersecurity into the culture of your organisation. Run regular phishing simulations, provide training tailored to roles (not just generic modules), and encourage employees to report suspicious behaviour without fear.
A well-trained team is your first—and best—line of defence.