Co-op CEO Steps Down After Retailer Swings to a Loss Following

What happened

Co-op said chief executive Shirine Khoury-Haq is stepping down after four years in the top role as the retailer posted a loss following the impact of last year’s cyberattack and other cost pressures. The company said it swung to an underlying operating loss of £35 million for 2025, compared with a £131 million profit in 2024. It said the cyberattack caused a £285 million hit to revenue and an estimated £107 million reduction in profitability. Co-op also said it faced about £150 million in higher costs linked to wages, employment-related charges, and environmental regulation. Kate Allum, a board member, will take over as interim group chief executive while the company searches for a permanent successor.

Who is affected

The direct impact falls on Co-op and its retail operations, which the company said were hit by the cyberattack and wider cost pressures. The leadership change also affects the group’s ongoing recovery and transformation plans across its food and broader consumer-facing business.

Why CISOs should care

This matters because the cyberattack was significant enough to materially affect both revenue and profitability at a major retailer. It also shows how a serious incident can carry through into leadership transition, long-term transformation planning, and broader financial performance well after the technical disruption itself.

3 practical actions

1. Quantify cyber impact in business terms: Make sure cyber incidents are measured not only in technical terms but also in lost revenue, reduced profitability, and operational drag.
2. Treat recovery as a long-tail leadership issue: Plan for cyber incidents to influence transformation timelines, executive decision-making, and leadership stability beyond the initial response phase.
3. Align resilience planning with financial resilience: Ensure cyber resilience programs account for the possibility that a major attack may coincide with wider cost pressure and weaken overall business performance.

For more news about enterprise security events affecting business resilience and strategy, click Cybersecurity to read more.