Marks & Spencer (M&S), one of the UK’s most recognised retail brands, has suffered a major financial setback after a cyber attack earlier this year caused serious disruption to its business. The incident damaged the retailer’s online operations and had a direct impact on profits. M&S has confirmed that the cyber attack will reduce its annual profits by £136 million, which is about €154 million.
The cyber breach not only weakened the company’s finances but also affected day-to-day business. In the first half of the financial year, M&S recorded a £101.6 million charge due to the attack. A further £34 million will hit the second half, as the company rushes to upgrade its technology systems to prevent similar incidents in the future.
The disruption was severe. The retailer was unable to sell clothes and furniture online for seven weeks, which led to a major drop in online sales. This outage significantly affected earnings, especially at a time when online shopping plays a crucial role in retail revenue.
The cyber attack also led to the theft of customer data, raising concerns about data security and privacy. Following the incident, M&S saw its market value fall by more than £750 million, showing how sharply investor confidence was shaken once the news became public.
Profits Fall Sharply as Online Sales Suffer
The financial results clearly show the damage caused by the cyber attack. M&S reported a 55% drop in profits for the first half of the year. Profits fell to £184.1 million, compared with £413.1 million during the same period last year. This sharp drop came mainly from the disruption to online and non-food sales.
Before this incident, M&S was expecting the attack to cost the company as much as £300 million in operating profits for the year. Although this amount may now be lower than expected, the impact is still very large for a company of its size.
M&S confirmed that it has claimed £100 million from its insurers for the damage caused by the cyber attack. This insurance payment will help cover part of the financial hit, although it will not make up for the full impact.
US sanctions rock Singapore’s Khoon Group—links to alleged cybercrime network spark corporate exodus
Sales Update: Food Business Helps Balance the Impact
Despite the difficult period, M&S saw an increase in its overall revenue. For the six months ending September 27, the retailer reported revenue of nearly £8 billion, which is a 22% rise from last year. The strong performance in the food business played a key role in lifting total sales.
M&S Food, which is the company’s largest business by revenue, performed strongly and helped balance some of the losses from non-food categories. Many customers continued to shop for groceries and food items even during the period of the cyber attack.
However, the fashion, home, and beauty divisions experienced a decline. These segments were directly impacted by the seven-week shutdown of online sales. Since many customers now purchase clothing and home items online, the outage caused a heavy drop in sales in these categories.
There was also a fall in adjusted basic earnings per share, which dropped by 55% to 6.6p. On a positive note for shareholders, the dividend was increased by 20% to 1.2p per share, showing that the company still wanted to reward its investors during a challenging period.
$875K penalty rocks Georgia Tech Research Corp for weak cyber defenses in DARPA, Air Force projects
Who Was Behind the Attack and How M&S Responded
The company shared that it believes the cyber attack was carried out by a group of cyber criminals known as DragonForce. The group is reported to have links to Russia. The attack targeted M&S systems and led to the theft of customer data. This raised major concerns regarding data safety and the protection of shopper information.
The attack also exposed weaknesses in the company’s online and technology systems, which is why M&S has now begun upgrading its digital operations. Although this meant additional costs, the improvements are expected to make the company’s systems stronger, safer, and better protected from cyber threats.
The cyber incident has brought attention to the growing risk of cyber attacks on major businesses, especially those with a strong online presence. With more people choosing to shop online, cyber security has become a critical part of business operations across the world.