M&S betting on customer patience as cyber-attack threatens to ruin 2025's strong start

The Guardian

28-04-2025

Marks & Spencer was enjoying a strong start to 2025 thanks to a fashion revival and the warm spring weather. That has now been seriously undermined as the retailer scrambles to deal with disruption caused by a massive cyber-attack it first revealed a week ago.
At a time when M&S – alongside most major retailers – are pushing more automation on its customers and workers, industry insiders say the retailer's staff have been forced to return to pens, paper and clipboards to check stock in stores as internal systems have been put on hold.
Every second counts now, for M&S's bottom line and for its reputation. Shoppers report problems with the use of gift cards in stores while thousands of orders made on or after 23 April have been cancelled. On Monday, it emerged that the difficulties were now affecting Ocado, as M&S's deliveries of a small number of packaged foods to the online specialist it co-owns, were hit.
The cyber-attack first hit stores just over a week ago, with M&S pausing contactless payments and the collection of online orders last Tuesday. On Thursday, those systems mostly restarted but M&S halted all orders on its website – which accounts for just over a third of clothing and homewares sales – amounting to almost £3.8m a day.
As Patrick O'Brien, a retail analyst at GlobalData, says, cyber-attacks can have major consequences for businesses. 'This is one of the most damaging cyber-attacks on a major UK retailer we have seen, the worst since Carpetright last year, which tipped an already very weak retailer into administration,' he says.
M&S is a much stronger and larger business than Carpetright and not likely to be at risk of collapse, but the attack is having a direct impact on sales and as O'Brien says, the longer the disruption goes on, the more likely customers are to take their money elsewhere.
While most of the problems did not start until the later part of the Easter bank holiday, according to M&S, the attack cut off a run of buoyant trading. What M&S says was a separate incident also affected contactless payments in stores on the Saturday before Easter.
Before then, sales had jumped almost 9% in the three months to 30 March, according to industry analysts Kantar, well above the wider fashion industry, as it continued to win over shoppers.
M&S may derive some comfort from the fact that this is not happening during a peak trading period such as before Easter or Christmas, and Clive Black, M&S's house broker at Shore Capital, said he expected the retailer to recoup any losses resulting from the attack via insurance.
Sign up to Business Today
Get set for the working day – we'll point you to all the business news and analysis you need every morning
after newsletter promotion
'The financial impact will be a zero sum game,' he says. 'I don't believe there will be enduring damage unless they don't manage to fix it.'
'There will be Mr & Mrs Angry from Tunbridge Wells but most people can see in the last decade that M&S has materially improved as a business and there will be some sympathy. This is not something it brought on itself but a malevolent force.'
O'Brien agrees: 'Customers are surprisingly forgiving.'