UK (Parliament Politics Magazine) – Marks & Spencer profits drop to £184.1M after cyber-attack halts online orders, with clothing and homeware sales down, while food sales rise 7.8%.
As reported by The Guardian, Marks & Spencer’s profits have fallen by over half following a damaging cyber-attack, which continues to hit its clothing and homeware business.
What did M&S say about profits, recovery after cyber-attack?
M&S reported underlying profits fell to £184.1m in the half-year to 27 September, down from £413.1m a year earlier, following a six-week suspension of online clothing and homeware sales.
The firm’s clothing and homeware sales declined 16.4% in the six months, with the division recovering more slowly from the cyber-attack than its food business.
The retailer’s sales had suffered from limited stock and fewer visits due to the pause in click-and-collect. With warehouse operations restored, “both the website and stores are seeing improved stock and trading.”
The company reported a 7.8% rise in food sales over the half-year, saying it had largely recovered from the cyber-attack, while overall group sales rose 22% to £7.96bn.
It added in a statement,
“We are confident we will be recovered and back on track by the financial year end [in March].”
The retailer said profits were aided by a £100m cyber insurance payout, but new packaging recycling charges and additional insurance costs set the company back £50m.
The company plans to deliver £600m in cost savings in 2025 to maintain annual profits, raising its previous target by £100m. It added six new stores in the half-year to September and aims to open 12 more by March, despite ongoing cost-saving measures.
Stuart Machin, the chief executive of M&S, stated,
“In the second half, we expect profit to be at least in line with last year. This should give us a springboard into the new financial year and set M&S up for further growth.”
He said,
“The retail sector is facing significant headwinds – in the first half, cost increases from new taxes were over £50m – but there is much within our control and accelerating our cost reduction programme will help to mitigate this.”
Mr Machin added,
“Our plan to reshape M&S for long-term sustainable growth is unchanged, our ambitions are undimmed, and our determination to knuckle down and deliver is stronger than ever.”
How did M&S halve cyber-attack losses to £150m?
The cyber-attack on Marks & Spencer in May involved a supply chain attack that exploited vulnerabilities in connected systems, allowing attackers to gain unauthorised access and disrupt operations.
M&S said it expects a £300m hit to profits this year from the damaging cyber-attack, with plans to reduce the financial impact of the breach to around £150m using insurance, cost-cutting, and other measures.
What did Julius Černiauskas say on the M&S ransomware threat?
Julius Černiauskas, the chief executive of the web intelligence experts Oxylabs, stated,
“Following the M&S cyber-attack and the potential involvement of hacking group Scattered Spider, all major UK retailers will be seriously worried if they’ll be tangled in the web next. The impact on the M&S share price shows the damage these attacks can do and will have many corporate retailers working day and night to ensure they do not suffer a similar fate.”
He added,
“Ransomware gangs typically target companies like M&S with the aim of causing maximum disruption to force a quick payout. Their goal is simple: the greater the disruption, the greater the pressure on the company to pay the ransom.”
What did CIPS reveal about rising cyber-attacks on supply chains?
A survey by the Chartered Institute of Procurement and Supply shows nearly a third of business leaders report increased cyber-attacks on their supply chains, following high-profile incidents including Jaguar Land Rover.
It revealed that 29% of managers reported companies in their supply chains had been targeted by cyber-attacks.
Ben Farrell, the chief executive of CIPS, said,
“The nature of global trade, the way we look at global supply chains and the digital supply environment are ever more interconnected.”
He added,
“Organisations are increasingly enabled by other organisations. Gone are the days of thinking of an organisation as an entity operating in isolation.”
Which major types of cyber attacks threaten businesses?
The major types of cyber attacks threatening businesses in 2025 are:
- Phishing attacks
- Ransomware
- Supply chain attacks
- Distributed Denial of Service (DDoS) attacks
- Business Email Compromise (BEC) attacks

