Content
Marks & Spencer recently provided an update to its customers following a costly cyber attack that took place over the Easter weekend earlier this year. The incident resulted in the theft of customer personal data, which may have included names, email addresses, postal addresses, and dates of birth. This breach was part of a wider series of attacks that affected multiple retailers during that period. The company revealed that the attack was caused by what it described as "human error," which led to significant operational disruptions and financial losses.
The financial impact of the cyber attack on M&S has been severe, with the company estimating a loss of around £324 million in sales—slightly higher than the £300 million figure it initially reported. However, the retailer was able to recover approximately £100 million in the first half of the year through insurance claims. Despite the setback, M&S's chief executive, Stuart Machin, expressed confidence in the company’s resilience, citing strong underlying business fundamentals and financial stability that helped the firm navigate this difficult period.
Machin also highlighted that additional cost pressures affected the first half of the financial year, including more than £50 million in increased expenses due to the national insurance rise in April. Nevertheless, he projected that profits for the latter half of the financial year would be at least on par with the previous year, supported by an accelerated cost-cutting initiative targeting £600 million in savings. He acknowledged the broader challenges facing the retail sector but emphasized that M&S is taking proactive steps to mitigate these headwinds through stringent cost management.
Operationally, the cyber attack disrupted several key areas for M&S. Online sales were particularly hard hit, with the company forced to halt orders via its website and mobile app for roughly six weeks. Home delivery services were suspended but resumed in June, while click and collect options only restarted in August—nearly four months after the cyber incident. This delay allowed competitors like Next to gain market share, as some shoppers turned to alternative retailers during the disruption.
The effect of the hack extended beyond online sales. Customers experienced difficulties using contactless payments, and order processing across many UK stores was affected. Physical stores also faced inventory shortages, compounding the challenges. As a result, the company’s underlying pre-tax profits plummeted by 55.4% to £184.1 million in the six months leading up to September 27, reflecting a sharp decline in home and fashion sales of over 40% during the affected period.
Despite the setbacks, M&S is showing signs of recovery. The company reported a surge in activity once its online platforms were restored, though the recovery in clothing, home, and beauty categories has been slower compared to food. Machin remains optimistic about the company’s prospects, emphasizing ongoing progress and a commitment to returning the group to full operational and financial health by the end of the current financial year.
Overall, while the cyber attack presented significant challenges for Marks & Spencer, the retailer’s response has been focused on stabilizing operations, recapturing lost ground, and implementing cost-saving measures. The coming months will be critical to see if these efforts translate into sustainable growth and customer confidence rebuilding.
