Last November, IKEA’s franchises in Eastern Europe suffered a ransomware attack. The incident halted store operations across multiple countries, disrupted logistics, and forced teams into crisis mode.
While they were able to fend off the attack, and restore their backups, the disruption caused over the Black Friday sales cost the group roughly €15 million in lost revenue, with the disruption causing ripples into their first quarter of 2025. It’s a stark reminder that cyber attacks don’t just steal data — they can bring entire organisations to a standstill.
Here are three key lessons this story reinforces — and the practical actions businesses can take to strengthen their resilience:
THE COST OF THE DISRUPTION WAS HIGH, BUT COULD HAVE BEEN SO MUCH HIGHER.
Ikea's regional group were quick to repel the attack, spin up their backups and ensure no data was leaked. Even as a win for the defenders, the cost from a few days of disruption was staggering. It begs the question, what would it have looked like if they lost? Store closures, operational downtime, customer frustration, and potential reputational fallout. These consequences are far harder to quantify, and often longer lasting.
Action to take:
-
Revisit your incident response and business continuity plans regularly.
-
Run simulation exercises across all departments, not just IT. Ensure every team knows what to do if systems go down or data is compromised.
YOU MAY NOT BE THE TARGET, BUT YOU COULD STILL BE A VICTIM.
This wasn’t a direct hit on IKEA globally, but on its regional franchises. Increasingly, attackers go after the weakest link in a supply chain or corporate structure. No one is too small, too local, or too peripheral to be targeted.
Action to take:
-
Map your third-party and vendor access points — who has access to what?
-
Implement strong controls, monitoring, and clear accountability for partners connected to your systems.
- Test your defences! Make sure you run regular penetration tests to see how secure your data is.
- Conduct a cyber assessment to better understand your defensive posture.
IKEA WAS ABLE TO FEND OFF THE ATTACK AND TAKE THE HIT, BUT FOR OTHERS...
Even while Ikea was able to shrug off the attack and ensure data was not leaked, the disruption to its operations in Eastern Europe still cost the group millions. Most businesses won't have deep enough pockets to come out of that unscathed.
Cyber risk is dynamic. It doesn’t wait for you to be ready. Stories like this aren’t about fear — they’re about being informed, prepared, and proactive. The more we share and reflect, the better we all get at responding.
If this story has prompted a conversation in your business — lean into it. That awareness is where resilience begins, and if you don't know what to do next, maybe our award winning cyber risk assessment can get you going in the right direction.
