The UK supermarket and grocery sector operates at extraordinary scale, combining nationwide physical estates with high-volume digital platforms, complex supply chains, and data-rich loyalty ecosystems. From online grocery fulfilment and payments to logistics, pricing, and customer data protection, cybersecurity is a foundational requirement for operational resilience and consumer trust.
The leaders featured below are responsible for securing some of the UK’s most recognisable grocery brands. Their roles span enterprise security leadership, data governance, risk management, and resilience across highly distributed and continuously operating environments.
Luke Fairless — Technology Director, Cyber (Chief Information Security Officer), Tesco
Luke Fairless serves as CISO at Tesco, where he is responsible for protecting the organisation, its customers, and its technology estate through the development of strong security capabilities and expert teams. His remit covers the security of one of the UK’s largest and most complex retail environments.
Previously, he held the role of Technology Director – Security and Capability, leading Tesco’s technology security programme and driving continuous improvement across skills, processes, metrics, and tooling within Tesco Technology.
Beyond Tesco, Fairless is Co-Chair of the UK & Ireland CISO Community at Evanta, a Gartner company, contributing to peer-led executive engagement and knowledge sharing across the region’s senior security leaders. He also serves as a Cyber Security Advisor and Risk & Audit Committee member at the Natural History Museum.
Douglas Weekes — Chief Information Security Officer and Director of Data Governance, Sainsbury’s
Douglas Weekes is CISO and Director of Data Governance at Sainsbury’s, where he leads information security and data governance across the group. His responsibilities include GDPR, PCI DSS, third-party assurance, and integrated risk management spanning Sainsbury’s, Argos, Nectar, and Habitat.
Weekes brings more than 16 years of experience at Sainsbury’s, with a career that has progressed through data governance, enterprise programme leadership, and operational roles. Prior to becoming CISO, he led data governance initiatives and held senior programme and operating model roles, providing him with deep insight into retail operations and transformation at scale.
His background reflects a blend of security leadership, regulatory accountability, and hands-on experience within large, complex retail organisations.
Michael Forbes — Chief Information Security Officer, Morrisons
Michael Forbes is Chief Information Security Officer at Morrisons, where he leads information security for one of the UK’s largest supermarket chains. He brings extensive experience across technology operations, service delivery, cloud, platforms, and workplace technologies.
With more than 25 years at Morrisons, Forbes has held a wide range of senior technology leadership roles prior to his CISO appointment. This long-term progression through the organisation has provided him with deep institutional knowledge of retail systems, infrastructure, and operational dependencies.
His role focuses on security governance, risk management, and resilience within a fast-paced, large-scale retail environment.
Simon Langley — Former Chief Information Security Officer, Asda
Simon Langley previously served as Chief Information Security Officer at Asda, where he was responsible for protecting the organisation and its customers through enterprise-wide information security risk management and governance.
Following his tenure at Asda, Langley has continued to hold senior cybersecurity leadership roles across regulated industries. He is currently Chief Information Security Officer at the Financial Ombudsman Service and also serves as CISO at Pharmacy2U on a contract basis. In addition, he works as a Principal Cybersecurity Consultant Associate at Tessiant.
His earlier experience includes serving as CISO at Covéa Insurance, with responsibilities spanning cyber operations, data protection, identity and access management, and regulatory compliance.
Sławomir Latkowski — Cybersecurity Lead, GB/IE, Aldi
SÅ‚awomir Latkowski is National IT Cybersecurity Lead for Aldi GB & Ireland, where he is the most senior member of the cybersecurity team. His role encompasses information security management, governance, technical controls, and organisational security culture across the business.
Latkowski leads the development and maintenance of the organisation’s ISMS, owns the cyber risk management lifecycle, and acts as a primary audit and incident response lead. His responsibilities also include security awareness, staff training, vulnerability management, and regulatory compliance, including PCI DSS.
He actively contributes to industry collaboration through participation in the NCSC Retail Trust Group and advises senior leadership on risk posture, threat landscape, and security architecture.
Securing Trust at Scale in UK Grocery Retail
UK supermarkets and grocery retailers operate in an environment defined by constant availability, thin margins, and intense public scrutiny. Cybersecurity leaders in this sector must balance resilience, regulatory compliance, and innovation while protecting millions of customers and highly distributed operational systems.
The CISOs and senior security leaders featured here demonstrate how effective security leadership in grocery retail is grounded in operational understanding, governance maturity, and close alignment with the business. As supermarkets continue to evolve their digital, data, and supply-chain capabilities, the role of the CISO remains central to maintaining trust, continuity, and long-term resilience across the sector.