Marks & Spencer (M&S)

Marks & Spencer suffered a severe cyber-attack during a peak summer trading period, crippling its transactional systems and causing widespread operational disruption. The attack led to stock availability issues, preventing customers from purchasing products both in-store and online, with the website failing to accept orders for an extended period. As a result, M&S reported a **55.4% plunge in adjusted pre-tax profits** (from £413.1m to £184.1m in H1 2025), despite a 22.1% sales increase, as rivals like Next capitalized on its downtime. The incident eroded customer trust, with slower recovery in clothing sales suggesting long-term loyalty risks. While a **£100m insurance payout** mitigated some financial damage, the attack exposed critical vulnerabilities in M&S’s cybersecurity and supply chain, prompting accelerated tech investments. The timing—during a high-demand summer—amplified losses, as the retailer failed to capitalize on seasonal sales. Recovery efforts now focus on rebuilding customer confidence, upgrading systems, and reviving brand appeal ahead of the crucial Christmas period, though broader economic pressures (e.g., potential tax hikes) threaten further challenges.

Source: https://www.ajbell.co.uk/news/marks-spencer-mounts-comeback-after-profit-hit-cyberattack

TPRM report: https://www.rankiteo.com/company/marks-and-spencer

"id": "mar0102201110625",
"linkid": "marks-and-spencer",
"type": "Cyber Attack",
"date": "6/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': 'Widespread (no specific number '
                                              'provided)',
                        'industry': 'Retail (Clothing, Food, Home Goods)',
                        'location': 'United Kingdom',
                        'name': 'Marks & Spencer (M&S)',
                        'size': 'Large (FTSE 100)',
                        'type': 'Publicly Traded Retailer'}],
 'customer_advisories': ['Indirect (via marketing campaigns and product '
                         'promotions)'],
 'date_publicly_disclosed': '2025-11-05',
 'description': 'Marks & Spencer suffered a catastrophic cyber-attack during '
                'summer 2025, leading to a 55.4% drop in adjusted pre-tax '
                'profit (from £413.1m in H1 2024 to £184.1m in H1 2025). The '
                'attack disrupted stock availability, online transactions, and '
                'customer trust, causing shoppers to switch to rivals like '
                'Next. While sales grew by 22.1% (£7,965.2m in H1 2025 vs. '
                '£6,524.3m in H1 2024), profitability was severely impacted. '
                'The company received a £100m insurance payout but faces '
                'long-term challenges in customer retention, supply chain '
                'recovery, and cybersecurity upgrades. Food sales remained '
                'strong, but clothing recovery lagged. The incident occurred '
                'during a peak summer shopping period, exacerbating losses.',
 'impact': {'brand_reputation_impact': ['Short-term erosion',
                                        'Risk of long-term customer loss '
                                        '(especially in clothing)',
                                        "Need for 'clever marketing' to "
                                        'rebuild trust'],
            'conversion_rate_impact': 'Decline (customers unable to complete '
                                      'purchases)',
            'customer_complaints': "Likely (implied by 'headache' for online "
                                   'shoppers)',
            'downtime': ['Prolonged (summer 2025)',
                         'Transactional website inoperable for an unspecified '
                         'period'],
            'financial_loss': {'adjusted_pre_tax_profit_decline': '£229m '
                                                                  '(55.4% '
                                                                  'drop)',
                               'insurance_payout': '£100m'},
            'operational_impact': ['Stock availability issues',
                                   'Inability to process online orders',
                                   'Customer defection to competitors (e.g., '
                                   'Next)',
                                   'Slower recovery in clothing sales vs. '
                                   'food'],
            'revenue_loss': 'Indirect (profit decline despite 22.1% sales '
                            'growth)',
            'systems_affected': ['Inventory Management',
                                 'E-commerce Platform',
                                 'Transactional Website',
                                 'Supply Chain']},
 'initial_access_broker': {'high_value_targets': ['Inventory systems',
                                                  'E-commerce platform']},
 'investigation_status': 'Ongoing (implied by planned cybersecurity '
                         'investments)',
 'lessons_learned': ['Critical importance of cybersecurity during peak retail '
                     'periods (e.g., summer).',
                     'Need for resilient supply chain and inventory systems to '
                     'prevent stock shortages.',
                     'Customer loyalty is fragile; competitors can quickly '
                     'capitalize on disruptions.',
                     'Food innovation can offset losses in other segments '
                     '(e.g., clothing).',
                     'Proactive investment in technology is necessary to '
                     'prevent future incidents.'],
 'motivation': ['Financial Gain', 'Disruption'],
 'post_incident_analysis': {'corrective_actions': ['£100m+ investment in '
                                                   'cybersecurity and '
                                                   'technology upgrades.',
                                                   'Supply chain modernization '
                                                   'program.',
                                                   'Store updates to improve '
                                                   'operational resilience.',
                                                   'Enhanced marketing to '
                                                   'rebuild customer base.'],
                            'root_causes': ['Inadequate cybersecurity measures '
                                            'to prevent disruption during peak '
                                            'periods.',
                                            'Vulnerabilities in supply chain '
                                            'and stock management systems.',
                                            'Lack of redundancy in '
                                            'transactional website '
                                            'infrastructure.']},
 'recommendations': ['Implement multi-layered cybersecurity defenses, '
                     'including real-time threat detection.',
                     'Conduct regular stress tests for e-commerce and supply '
                     'chain systems.',
                     'Develop a crisis communication plan to retain customer '
                     'trust during disruptions.',
                     'Accelerate digital transformation to improve operational '
                     'agility.',
                     'Leverage data analytics to predict and mitigate stock '
                     'availability risks.',
                     'Strengthen partnerships (e.g., Ocado) to diversify '
                     'revenue streams.'],
 'references': [{'date_accessed': '2025-11-05',
                 'source': 'Marks & Spencer Half-Year Results H1 2025'}],
 'response': {'communication_strategy': ['Public disclosure via half-year '
                                         'results (Nov 5, 2025)',
                                         'Media statements on recovery plans'],
              'containment_measures': ['Restoration of shops and websites to '
                                       'normal operations'],
              'enhanced_monitoring': 'Planned (part of cybersecurity '
                                     'investment)',
              'incident_response_plan_activated': 'Yes (implied by recovery '
                                                  'efforts)',
              'recovery_measures': ['Marketing campaigns for autumn/winter '
                                    'ranges',
                                    'Product innovation (especially in food)',
                                    'Ocado joint venture optimization'],
              'remediation_measures': ['Accelerated investment in '
                                       'cybersecurity technology',
                                       'Supply chain improvements',
                                       'Store updates']},
 'stakeholder_advisories': ['Investors notified via half-year results',
                            'Likely internal briefings on recovery strategies'],
 'title': 'Marks & Spencer Cyber-Attack Impacting H1 2025 Earnings',
 'type': ['Cyber Attack', 'Operational Disruption', 'Supply Chain Attack']}