In Spring 2025, a significant cybersecurity breach unfolded when two of the UK’s prominent retailers, Co-op and Marks & Spencer, fell victim to ransomware attacks. These incidents underscored the critical vulnerability of essential services, directly affecting not only the organizations themselves but also their customers and the wider public. The repercussions were stark: empty shelves became a common sight in stores, and customers found themselves unable to complete payments for items that were still in stock due to system outages. These cyber-attacks, attributed to the hacking groups known as Scattered Spider and “The Com,” resulted in financial losses amounting to hundreds of millions of pounds for both retailers.
The motivations behind such ransomware attacks are primarily financial, yet certain groups, like the ones involved in these incidents, appear to thrive on the notoriety and chaos they create. This trend introduces a particularly destructive form of criminality that organizations must now grapple with as part of their cybersecurity strategy. The notion of disruptive hedonism reflects a worrying shift in focus for some hackers, who now seem less concerned with monetary gain and more invested in the notoriety that comes with inflicting chaos.
In light of the heightened risks posed by such cyber threats, proactive measures are essential for organizations in the retail sector. Addressing this need, Semperis has devised an innovative educational initiative called “Enter the War Room: A Tabletop Experience,” set to take place at Infosecurity Europe 2026 on June 3. This immersive exercise allows participants to engage in a realistic simulation of a complex cyber-attack targeting a fictional supermarket dubbed “BlueCart.” While BlueCart is not a real entity, the scenarios presented draw inspiration from actual events, particularly the attacks recently suffered by UK retailers.
Guido Grillenmeier, a principal technologist at Semperis, elaborated on the relevance of this exercise, stating, “Retail is a target and everybody knows that. Often, organizations opt to pay a ransom to resume operations quickly, making retail a recurring target for cyberattacks.” In the simulation, BlueCart uses an advanced AI system for supply chain management, recently launched and thus vulnerable to exploitation by cybercriminals. As Grillenmeier points out, the imaginary supermarket is positioned to experience attacks akin to those faced by real retailers, providing an authentic backdrop for the exercise.
Participants in this tabletop experience will collaborate with individuals from diverse backgrounds, including former hackers and current cybersecurity defenders, to tackle the challenges of detection, decision-making, and crisis management in a high-pressure environment. While the event is structured as a roleplay simulation—with no real hacking involved—it serves to equip cybersecurity professionals with firsthand insights into coping mechanisms during a cyber-crisis, helping them identify vulnerabilities in their own operations. This experience is invaluable for those seeking to refine their organization’s crisis response strategies.
Attendees of Infosecurity Europe 2026 can register for the “Enter the War Room” experience, which promises to provoke critical thinking about cybersecurity preparedness. Grillenmeier emphasizes, “It encourages participants to contemplate essential factors, regardless of whether an attack is imminent or merely a possibility on the horizon. All the discussions and activities in the tabletop setting allow participants to reflect on how situations would unfold in their networks.”
Beyond this interactive offering, Semperis will have a notable presence at Infosecurity Europe. Visitors can find the company at booth #B118, where Courtney Guss, the Director of Crisis Management at Semperis, will address compliance challenges in her talk titled “Compliance at the Speed of a Crisis.” This presentation is scheduled for 10:35 AM on Tuesday, June 2, on the Cyber Strategies Stage.
Moreover, Semperis will hold a focused panel discussion entitled “The Importance of Human Resilience During Cyber War: Inside the Making of ‘Midnight in the War Room'” at 4:30 PM on the same day, shedding light on the human elements of crisis resilience in the complex landscape of cybersecurity.
As the frequency and complexity of cyber-attacks continue to rise, events such as these play a critical role in fortifying the resilience of organizations across sectors, particularly in retail, which is increasingly targeted by cybercriminals.