Marks & Spencer (M&S) experiencing a significant cyber-attack, which is expected to disrupt their online services until July, has certainly sent shockwaves through the retail industry and their customer base. The attack, which occurred over the Easter weekend, initially affected the company's click-and-collect and contactless payments before extending to a full suspension of online ordering. This unfortunate event is estimated to cost M&S approximately £300m in lost profits this year, which is more than what analysts had initially anticipated.
721ed3a0-3628-11f0-b2c9-2d36257649ec.png.webp
The cyber-criminal group responsible for the attack, known as Scattered Spider, has a history of targeting prominent UK retailers such as the Co-op and Harrods. However, the impact on M&S appears to be the most substantial among the recent victims. The hackers managed to gain access to M&S's systems through a third-party service provider, emphasizing the importance of thorough security measures across all tiers of business operations.
Stuart Machin, the CEO of M&S, assured the public that the company had been prepared for such an incident after conducting a cyber-attack simulation the previous year. This preparation allowed them to respond quickly and effectively, taking their online system down to protect both the website and its customers. While he did not confirm whether a ransom had been paid, he did state that the company's priority was to ensure customer data remained secure.
The gradual restoration of the website's operations will see 85% of the product range become available shortly, with the company aiming to get back to normal as soon as possible. Despite the setback, Machin is optimistic that this incident can serve as a catalyst for further innovation and improvement in their digital strategies, potentially accelerating the pace of their ongoing turnaround program.
The M&S turnaround strategy, initiated when Machin joined in 2022, has been focusing on enhancing in-store offerings, revamping their property portfolio, and integrating advanced digital technology into their operations. The recent financial results, which included a 22% increase in profit before tax to £875m and a 6.1% rise in sales to £13.9bn, show that the company had been on a positive trajectory before the cyber-attack.
The aftermath of the attack will undoubtedly be challenging for M&S, with additional costs from reduced food availability and lost online sales in fashion, home, and beauty categories. Moreover, there may be additional expenses related to fines, litigation, and bolstering security measures to prevent future incidents.
Nevertheless, the company remains hopeful that with the support of its cyber-insurance policy and cost reduction efforts, it can recover from this setback. Analysts like Lucy Rumbold from Quilter Cheviot also share this optimism, believing that M&S will emerge from this incident stronger if the problem is fully resolved.
The M&S cyber-attack serves as a stark reminder of the ever-evolving landscape of cybercrime and the need for robust security measures in all sectors, especially in retail where customer trust is paramount. It will be crucial for M&S to communicate transparently with its customers and stakeholders, ensuring that confidence in the brand remains high while they navigate the recovery process.
BBC