The World Is Primed For Digital Risk – Has Fashion Kept Pace?

Back in 2020, The Interline posed a difficult question: Is fashion ready to take cybersecurity seriously? We weren’t being rhetorical. Like a lot of observers, we  saw what was coming: the industry’s push toward digitisation was moving at a serious pace, across a lot of different domains, without brands, retailers, and partners necessarily having the governance frameworks or  the guardrails to support it. Fashion’s embrace of cloud platforms, IoT – enabled supply chains, direct-to-consumer data models and – more recently –  AI powered personalisation has been rapid. But its approach to cybersecurity? In some instances it simply hasn’t kept pace with a technology surface that’s become wider, more complicated (see: AI) and more hostile much quicker than even we anticipated. At worst, it’s been underfunded, misunderstood, or outright ignored.

Fast forward to 2025, and the question feels very real for retailers and brands… and for consumers who this week received emails from one of the UK’s biggest household names debriefing them on the potential impacts of a cyber attack. With Dior, M&S, and Harrods all breached since the start of the month, we’re seeing just how quickly the threat has solidified, and we’re observing the real cost of underinvestment in information security infrastructure and talent. And the damage isn’t limited to compromised databases or disrupted operations. It’s eroding trust, weakening brand equity, and putting market positions at risk because it both involves consumer data (rather than just internal IP) and because the customer base is now primed to be hyper-aware of digital risk because of a wider cultural shift that has put personal identity, generative image models, and a range of other concerns front of mind.

It’s fair to say digital acceleration is now outpacing digital protection. Not across the board (there are industries and companies who take this all extremely seriously!)but often enough to raise alarms. In the five years since our original piece, fashion hasn’t just gone digital in an incremental way; it’s undergone a structural transformation. AI now informs everything from trend forecasting to product design. Customer engagement flows through data rich platforms, capturing preferences, and behavioural patterns at unprecedented speed. Supply chains operate in real time. Inventory exists in the cloud. And even customer service is increasingly handled by LLM powered assistants that are trained on sensitive, first party data. 

This is where the gap becomes critical. For all the value this transformation generates, the foundations beneath it are becoming more brittle. The cybersecurity infrastructure that should support all this innovation has moved on much more slowly relative to the outward pace of change, and for every well-resourced, expert in-house infosec team there’s another cohort of companies whose cybersecurity work is still being outsourced, deprioritised, or left to IT departments whose headcounts haven’t increased. And this isn’t speculation. According to Aon’s 2023 Cyber Resilience Report, the retail sector has advanced from “basic” to “managed” levels of cyber maturity over recent years. But progress has also slowed, cybersecurity ratings have largely plateaued, even as threats have grown more complex. The report points to a lack of senior-level governance as a persistent weakness.

At the heart of this issue is a misconception: cybersecurity is not a technical bolt-on. It’s a strategic enabler. Because without it, digital transformation becomes as much of a liability as it is a boon. 

In 2020, we said data was becoming a prized asset. Now, the idea that data is the industry’s top currency is universally accepted, but that recognition lags behind the understand that it’s also the industry’s  widest attack surface.

Back then, the primary fear we pointed to was IP theft:design files, product blueprints, internal roadmaps. Today, the target has shifted, and it’s consumer data that’s under fire: the personal details, behavioural insights, and preference files that brands now collect in abundance as they chase personalised engagement at scale. 

What makes this round of cyber attacks so dangerous isn’t just their sophistication, but their symbolism. Dior is more than a luxury label. It’s a cipher for exclusivity, prestige, and discretion. When Dior is breached, it’s not just the data that’s compromised, its mystique. 

Harrods, too, built its reputation on heritage, grandeur, and a sense of imperviousness. A breach punctures that illusion. These incidents cut deeper because they affect the pillars of consumer perception. M&S, often seen as an avatar for British quality and reliability, now faces a potential £100 million insurance claim due to cyber fall out. Its online store remains offline at time of writing, a visible reminder that these incidents don’t just live in the abstract. They affect sales, customers, and core channels of operation. 

But even though these lessons are in the news today, the reality remains that too many fashion businesses will still treat cyber security like flood insurance: useful in theory, comfortable to acknowledge during someone else’s crisis, but easy to postpone a proper overhaul of in practice. 

As we’ve already established, data is the lifeblood of an increasingly-digital fashion industry, and that makes its protection non-negotiable. Companies continue to invest in systems that optimise their product creation processes, their go-to-market, their planning, their  PLM platforms, digital twins, and advanced customer analytics -but rarely do we see equivalent commitment to cybersecurity. That imbalance isn’t technical, it’s strategic. And for brands and retailers the questions should be who  is accountable ensuring that the systems driving growth aren’t the same ones that are slowly creating risk exposure. 

We’ve said it before: in digital fashion, trust is everything. It’s easy to lose, and far harder to regain. This wave of attacks should serve as a wake up call, but it might also be a dress rehearsal. Just as fashion brands were slow to prepare for digital data threats, many are now spriting into AI adoption without first considering the risks. We’re not just entering a new technological era, we’re actively building it, and every shortcut taken now, becomes a risk multiplier down the line. 

The Interline has never advocated for any kind of pause on technology adoption, but we are realists when it comes to the need to make pragmatic, considered, culturally-aligned and safe strategic deployments of new digital solutions.

Back in 2020, we warned that as data became fashion’s most valuable asset, the risks around it would multiply, and that treating cybersecurity as a backend IT issue was no longer sustainable. That warning now feels less like foresight and more like inevitability. If fashion wants to protect the value it’s built, and the trust it depends on, it must treat cybersecurity not as a technical upgrade, but as a business imperative. The industry has invested in creativity, customer experience, and digital infrastructure. It’s time to invest, just as seriously, in securing them. 

Best from The Interline: 

To accompany the release of a new 15-page report from Lectra, documenting a unique period of deep challenges and historic opportunities for fashion, The Interline considers some of the key conclusions and the important actions – across the extended product lifecycle – that leading brands will need to take today in order to secure their futures, in this week’s first exclusive. 

In our first news analysis this week, we explore how AI adoption in fashion looks different at every level: while creative teams weigh its role in shaping ideas, factory workers must live under its metrics. 

And closing out this week, a new joint report from The Interline and SOURCING at MAGIC that redefines compliance, not as a box to tick, but as a foundation for long-term resilience.