M&S reveals massive financial hit from cyber attack

Statutory profit before tax was almost wiped out by the incident


The cyber attack on Marks & Spencer (M&S) has been just as devastating as first feared, with the company recording a massive hit to its bottom line.

Half-year results for the retailer show statutory profit before tax for H1 2025 fell by a staggering 99% from £391.9 million to £3.4 million. Adjusted profit before tax was down from £413 million to £184 million.

The company recorded almost £102 million in one-off costs related to the cyber incident in the first half of the year, including legal and professional support and bringing its tech team in-house. It said it expected to spend another £34 million on similar costs during the second half.

"We entered 2025/26 with strong trading momentum and a clear plan to invest in transformation and growth. However, in the first few weeks of the financial year, we experienced a cyber incident. We responded quickly and took immediate action to protect our customers, our suppliers and the business which included proactively taking some of our systems offline," said chief executive Stuart Machin.

"Since the incident, we have prioritized recovery across our technology estate and restoring operations. Our customer-facing systems were restored in the summer, and practically all operational systems have now been recovered."

Machin said he was confident the firm would be fully recovered and back on track by the financial year-end, adding that as the effects of the incident fade he expects second-half profit at least in line with last year's.

Profits were helped by an insurance payout of £100 million. However, Simon Phillips, CTO of Engineering at CybaVerse, said the retailer only recovered a “very small proportion of its losses” and urged other businesses to take note.

Nor should companies assume that paying a ransom will put everything right.

"Other business leaders may look at these losses and believe paying ransoms is the lesser of two evils, given demands would rarely reach as high as £229 million, but they shouldn't be fooled," he said.

"Paying ransom demands rarely reinstates full system access and organizations will often still suffer operational down time and significant losses even after paying."

What happened with the M&S cyber attack?

The attack on the company’s IT systems, which took place in April, is believed to have begun with social engineering, with the attackers impersonating employees and IT help desk staff.

It forced the company to suspend online clothing orders for several weeks and click-and-collect services for nearly four weeks. Deliveries to stores and to its online food partner, Ocado, were also disrupted.

The incident has been pinned on the DragonForce Ransomware as a Service (RaaS) operation, linked to the Scattered Spider hacking group, which is also believed to have been behind attacks on the Co-operative Group and Harrods.

In July, four people were arrested as part of a National Crime Agency (NCA) investigation into the attacks.



Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.