Marks & Spencer Group Plc has estimated a £300 million (US$403 million) reduction in operating profit for the current fiscal year because of a cyberattack that occurred in April.
The UK-based retailer stated it plans to offset the financial impact through cost-cutting measures and potential insurance recoveries. Online clothing and homeware operations, which generate over £3 million in daily sales, remain suspended and are expected to face continued disruption into July.
Food sales have also been affected, primarily due to lower product availability. The company noted that availability is now gradually improving. However, profit for the first quarter has been affected by additional waste and increased logistics costs stemming from the need to switch to manual processing systems.
The incident, which M&S first disclosed on April 22, led to a suspension of contactless payment services and the shutdown of certain IT systems. The disruptions resulted in stock shortages across stores. The company later confirmed that some customer data had been compromised during the breach.
Shares in M&S have declined 10% since the cyber incident, though the stock remains 34% higher compared with the same period last year, based on Tuesday’s closing price.
The UK has recently experienced a significant increase in cyberattacks, particularly targeting major retailers and public institutions.
Other retailers, including Co-op and Harrods, have also been targeted, with Co-op reporting system disruptions and Harrods taking precautionary measures in response to cyber threats.
Beyond the retail industry, the British Library faced a ransomware attack in October 2023, resulting in the theft of approximately 600GB of data and an estimated recovery cost of £6 to 7 million. The attack led to prolonged service outages, affecting researchers and the public.
In the public sector, the UK's National Cyber Security Centre (NCSC) reported a doubling of "nationally significant" cyber incidents, with 89 such events recorded in 2024, including 12 critical incidents.
Financially, research indicates that over the past five years, cyber incidents have cost UK businesses approximately £44 billion in lost revenue. While cyber insurance claims decreased by 20% in 2024 compared to the previous year, they remain higher than pre-2023 levels.
What are your thoughts on this story? Please feel free to share your comments below.
