M&S Loses US$400m Following Cyber Attack But Resumes Service
Marks & Spencer has managed to restore its online order functions across England, Scotland and Wales, marking the end of a protracted six-week digital disruption caused by a cyber attack.
In April, the retailer halted all online services following the sophisticated cyber attack, which was carried out by the Scattered Spider hacking group.
M&S has not been alone in this, though. In 2025, several organisations across the UK's grocery supply chains have been targeted, including the Co-op and Peter Green Chilled, with the former struggling to stock its shelves and the latter grappling with logistics issues.
However, Marks & Spencer's has, without doubt, suffered the most. This morning, the company reported that it expects to lose more than US$400m in losses as a result of missed sales opportunities.
It has also become apparent that the attacks were initiated via a third-party contractor system, which speaks to the fragility of the firm's supply chain and its preparedness in dealing with cybersecurity breaches.
Marks & Spencer has resumed taking home delivery orders via its website since the cyber attack over the Easter weekend, with John Lyttle, M&S’s Managing Director of Fashion, Home & Beauty, confirming that the chain will be offering its full suite of clothing products online from today.
However, complete service restoration, including click-and-collect and next-day delivery, is expected to take several weeks.
The financial aftermath
Financially, the implications of the cyber attack have been monumental. In fact, the cyber attack on Marks & Spencer will likely end up being one of the most costly in British retail history.
The UK's retail landscape has seldom seen such economically impactful cyber threats, with M&S experiencing substantial weekly losses estimated at £25 million (US$33.7m) from their clothing and homewares segments alone.
The anticipated impact of these attacks will potentially result in losses around £300 million (US$404m) by July, marking a severe deviation from the retailer’s pre-attack performance, which had been robust with significant pre-tax profits increase.
Whilst M&S has been recording year-on-year growth for the past four financial terms, these losses will send a shock through its supply chain, as well as the supply chains of other major British retailers.
MI5, the UK's foremost military intelligence service, has a maxim that it uses to show the risks involved with disrupted supplies. The agency says that the country is only ever "four meals away from anarchy", meaning that if the nation were to suffer an acute episode of food insecurity, civil unrest would like ensue.
Supply chain resilience is critical in preventing this hypothetical scenario from ever unfolding, so industry professionals are examining the M&S situation keenly to see what lessons will be learned following the resumption of regular service.
“The shelves might get restocked, but the long-term effects ripple through every part of the business,” says Dustin Kluttz, Senior Cybersecurity Strategist at Cybersecure.
Is this a wake-up call for supply chain security?
As M&S navigates the aftermath of the attack, the retail sector will be doing a great deal of reflecting. Meanwhile, industry experts are urging companies to consider the strength of their digital security infrastructures.
“Will this be the watershed moment where companies start to take cybersecurity seriously, at least in the UK?,” asks John Marsh, Technology Director at SRC.
The attack has raised serious questions about customer data protection and whether consumers will feel safe sharing personal information with the retailer going forward.
“On a professional level it is important to make sure that businesses understand the damages a cyber attack can cause a business, not just in the short term but in the long term too,” explains Doriane Alba, Customer Success Manager & Head of Strategic Partnerships at RiskImmune.
Explore the latest edition of Supply Chain Digital Magazine and be part of the conversation at our global conference series, Procurement & Supply Chain LIVE.
Discover all our upcoming events and secure your tickets today.
Supply Chain Digital is a BizClik brand.
