Cyber Attacks Could Stifle Online Demand From The Under-35s

Cybercrime by organized hacking groups saw an increase in the first few months of 2025.

Moment Editorial/Getty Images

There was a return to very slight growth for U.K. retail sales volumes last year, but concerns are increasing that high-profile British and American cyber attacks targeting major retail chains will undermine the flaccid gains seen so far this year.

Top retailers on both sides of the Atlantic—from Marks & Spencer (M&S), Coop, and Harrods, to Ahold Delhaize USA and jewelry house Pandora’s U.S. operations—have been targeted by ransomware and other attacks, driving down consumer confidence as shoppers worry about their data being stolen.

M&S, with sales of £13.9 billion ($18.9 billion) in the year to March 2025, issued a £300 million ($407 million) profit warning in May due to the impact of its cyber attacks, and has only recently restored its online services. Year-to-date, the retailer’s share price is down by 7.7%.

According to London-based data and analytics house GlobalData, it is younger, not older, generations that appear to be taking the threat of retail data breaches most seriously. A survey from the company, conducted in July covering 2,000 U.K. respondents, shows that four in every five (79%) of those aged 25-34 were most worried. Across all age groups, the concern about personal data security dropped to 69% of consumers.

That worry is driving indecision. One third of 16-34s told GlobalData they are considering “cutting back or stopping” online purchases versus just 11% of over 55s (see chart below). This puts retailers under increasing pressure to improve their systems and restore digital trust with younger shoppers. “This is especially the case for online pure-plays, which cannot redirect sceptical consumers to stores,” said the company.

Age differences are stark

GlobalData’s lead retail analyst Emily Salter offered a nuanced take on the significant age disparity—and a silver lining. She said: “Older shoppers have children and greater pressures on their time, or less ability to visit stores as they age. Younger shoppers also place more emphasis on experiential shopping, so this, combined with security concerns, could push them into stores. But she added that the convenience associated with the online channel “will still trump security concerns for most consumers.”

The resilience of older consumers for online shopping, while comforting to retailers, will not offset spending declines from younger consumers, even if they go into physical stores to make purchases instead. Given the current precarious U.K. retail market, the negative potential arising from cyber attacks could damage a newly recovering market.

According to Britain’s Office of National Statistics (ONS), retail sales volumes rose by 0.7% in 2024, following a fall of 2.9% in 2023 and 4.1% in 2022. And while this marked the first rise in three years, sales volumes have not returned to 2022 levels.

In June, Matt Britzman, senior equity analyst at investment group Hargreaves Lansdown, said: “U.K. consumers are starting to lose some steam, as retail sales in May grew at their slowest pace in six months and the labour market shows signs of cooling. A few factors are likely at play, ranging from the lingering effects of higher prices to growing uncertainty about the future.

Low single-digit growth ahead

“Supermarkets are still holding up well, with food sales rising 3.6%, but non-essential items took a hit in May. One month doesn’t make a trend, but in the current climate, modest, low single-digit growth is likely where retail sales are headed.”

June ONS data suggest that online spending has not been affected yet. Sales values rose by 3.3% when comparing the second quarter with the first quarter. However, further data breaches could negatively affect the “low single-digit growth” predicted by Hargreaves Lansdown.

GlobalData’s Salter said: “Younger consumers are more concerned about retailers storing their payment details, and think they are not doing enough to protect their private information when shopping online. Paying with mobile wallets and third-party providers such as Apple Pay and PayPal is a way that consumers can avoid having to give their details directly to retailers.”

As well as improving their resilience to cyber attacks, Salter argues that store owners must therefore ensure their websites and apps are compatible with these payment methods as they are especially popular among under-35s.