M&S profits tumble after cyber attack

Marks & Spencer's (M&S) statutory profit before tax was wiped out as a result of a cyber attack on its systems in April 2025, falling from £391.9m last year to £3.4m in the six months to 27 September.

M&S's overall sales fell in the first half as the retailer was forced to shut down its website and its grocery stores struggled to keep stock replenished – with M&S recording a significant increase in food markdowns and wastage caused by manual stock distribution.

In its half-year financial report, the company said it incurred costs of £101.6 million as a result of the incident, of which £82.7 million was incident response and recovery and £18.9 million was third party costs. The impact was partly mitigated by £100 million in cyber insurance payouts.

“The first half of this year has been a standout moment for M&S. However, the underlying strength of our business and strong financial foundation have given us the resilience to confront and manage this challenge. We are now getting back on track,” said chief executive Stuart Machin.

“Today we are going from strength to strength… We are determined to help our customers have a fantastic Christmas with exceptional service and what I truly believe is the best Christmas food and fashion on the market. Thank you to our colleagues for their hard work, our suppliers for their support and our customers for their loyalty. We are grateful to everyone who shops with us,” he said.

Joseph Rooke, director of risk analysis at Recorded Future's Insight Group research unit, added: “The challenges facing M&S reflect the pressures many businesses are under as cyber threats grow in scale and complexity. The incident also highlights the significant financial fraud risks that can arise from a successful cyber attack.

“M&S is not the first, and almost certainly will not be the last, to be in the news following a major cyber attack. This is a call for organizations in all sectors, large and small, to redouble efforts to improve protection where possible. Organizations that have created intelligence-driven cybersecurity programs will be best placed to anticipate and prevent attacks before they happen.”

Cyber insurance is not necessarily a panacea

Simon Phillips, chief technology officer (CTO) at security platform provider CybaVerse, said M&S had been able to weather a storm that would have sent many smaller companies to the bottom.

However, he cautioned against over-reliance on cyber insurance. “It is clear that having cyber insurance is not enough to cover all losses from attacks. M&S only recovered a very small proportion of its losses and other organizations should be aware of this,” he said. “As a result, when it comes to preparing for ransomware, the most important step is protection.”

The M&S cyber attack occurred at the end of April, at the same time as parallel incidents at the Co-op Group – which also suffered significant losses, although operationally it did not suffer as much – and Harrods.

In July, police detained four people – two 19-year-old men, a 17-year-old boy and a 20-year-old woman – regarding these attacks.

All of these attacks, and others including the ongoing incident at Jaguar Land Rover (JLR), are believed to be linked to the same loosely knit hacker collective, now referred to by most security agencies as the Scattered Lapsus$ Hunters.
