M&S Prepares for £300 Million Cybersecurity Incident Expenses
Marks & Spencer (M&S) is facing substantial financial repercussions from an ongoing cyber incident and estimates that costs will reach approximately £300 million ($400 million). This financial impact stems primarily from lost sales due to the company’s decision to suspend online orders following an attack that emerged in April 2025. This disruption has significantly affected M&S’s fashion, home, and beauty sectors.
Furthermore, the retailer reported complications in food sales due to limited product availability, incurring additional costs associated with waste and logistics from the shift to manual operating processes. M&S anticipates that online orders will not resume until July, further complicating stock management and increasing operational costs for the second quarter of the financial year 2025/26.
To mitigate the financial impact, M&S plans to manage costs effectively, leverage insurance, and implement other trading measures. The costs associated with the cyber incident are expected to be classified as extraordinary items in the forthcoming financial results for the fiscal year 2025/26.
The report also highlights M&S’s robust performance prior to the cyber incident, noting its highest pre-tax profits in over 15 years during the fiscal year 2023/24.
Enhancing Operational Resilience
In response to the disruption, M&S has articulated a commitment to leverage this situation as an opportunity to accelerate improvements in its infrastructure and network connectivity, along with advancements in store technology and supply chain systems. These measures aim to diminish system interdependencies and bolster operational resilience.
CEO Stuart Machin characterized the event as a temporary setback, vowing that it will not alter the company’s growth trajectory. He stated, “While this challenge has been significant, it represents a moment in time, and we are now focused on recovery. Our goal is to emerge from this period as a much stronger business. Our strategy remains unchanged, and, if anything, this incident allows us to expedite our pace of change.”
The Impact of Ransomware
While details regarding the nature of the attack remain sparse, reports indicate that the incident may be linked to the Scattered Spider ransomware group, known for deploying DragonForce ransomware. The financial implications of such attacks are profound, as reflected in M&S’s expected losses, which emphasize the far-reaching consequences of ransomware, including recovery expenses and lost revenue.
Research from the Ponemon Institute revealed that 58% of ransomware victims in 2024 faced operational shutdowns during recovery, with 40% experiencing significant revenue declines. M&S disclosed on May 13 that the attackers accessed personal customer information, including contact details and order history, heightening vulnerability to social engineering and financial fraud.
In summary, M&S’s current cyber incident underscores the critical need for robust cybersecurity measures and resilience planning to mitigate the impact of such attacks on both operational capability and financial performance.