What: Marks & Spencer’s profits fell 55% after a cyber-attack shut down its online business for six weeks.

Why it is important: This case demonstrates the severe financial and operational risks cyber-attacks pose to major retailers, reinforcing the need for robust digital resilience.

Marks & Spencer experienced a dramatic 55% drop in profit before tax for the first half of 2025, falling to £184.1m, following a cyber-attack that forced the closure of its online business for six weeks. The disruption led to a significant decline in fashion, home, and beauty sales, with online operations only fully restored by August. CEO Stuart Machin initially estimated the attack would cost the business £300m, though recovery efforts and insurance are expected to offset some losses. Despite the setback, M&S continued to invest in new stores, supply chain modernisation, and technology infrastructure, aiming to restore profitability by year-end. Food sales, less affected due to their in-store nature, rose by 7.8%, while the Ocado food delivery partnership posted a small loss. The phased recovery of online services and the return of third-party brands highlighted the complexity of restoring digital operations. The incident, linked to organised cybercrime groups, also resulted in customer data theft, underscoring the persistent threat to retail security.

IADS Notes: The M&S cyber-attack, which led to a £136mn profit hit and a six-week online shutdown, reflects a broader trend in retail, as seen in sector reports from May to November 2025. The Financial Times (November 2025) details the financial and reputational damage to M&S, while Retail Week (September and July 2025) and Retail Insight Network (May 2025) highlight similar incidents at Co-op and Harrods, exposing acute financial and operational risks from cybercrime and third-party vulnerabilities. Inside Retail (June 2025) emphasises the sector’s shift toward resilience and rapid recovery, with robust cybersecurity and technology investment now essential for business continuity and customer trust.

M&S cyber-attack slashed Q1 profits, 55% drop in profit before tax