Marks & Spencer has said that the cyberattack it experienced earlier this year may have cost the group £130 million in lost profits. It comes as the group resumes its online ordering service today (Tuesday, June 10) following six weeks of disruption due to the attack back in April.
The group said in its full year results for the 2024/25 financial year, published at the end of last month, that the cyber incident is expected to have an impact of approximately £130m on the group’s operating profit for the 2025/26 financial year. This estimation excluded cost mitigation, insurance and trading actions, which the group claimed would reduce the loss.
The group’s operating profit for the 2024/25 financial year was said to be £984.5m. This means that if the cyberattack had occurred last year, M&S would have lost just over 30 per cent of its profits for the year.
M&S said in its annual results that online sales and trading profit in its fashion, home and beauty division had been ‘heavily impacted’ by the pause of online shopping. Consulting company GlobalData estimated that the group may have lost up to £130m from online apparel sales while its online service was unavailable.
Pippa Stephens, senior apparel analyst at GlobalData, said: “M&S was one of the biggest winners in the UK apparel market in 2024, with its market share rising 0.4 percentage points to 5.2 per cent, the highest it has been since 2017. This upward trajectory has now been compromised by the cyberattack, with GlobalData estimating that the retailer could have lost up to £130m in online apparel sales while its website was down, depending on how much spend shifted to stores.”
She added: “The impact of this cyberattack will be long-lasting for M&S, with the stealing of customer data potentially undermining its hard-won gains in brand reputation and customer loyalty. The retailer will have also been left with excess seasonal stock, impacting its margins as it will be forced to implement more discounts.
“Therefore, this incident serves as a stark reminder of the vulnerabilities retailers face in an increasingly digital landscape, where a single breach can have far-reaching consequences.”
The operating profit for the group’s fashion, home and beauty sales over the 2024/25 financial year was said to be £475.3m, meaning 37 per cent of the group’s operating profit for such sales would have been lost if the attack occurred last year.
The group confirmed last month that customer personal data had been taken by hackers as a result of the attack. It said it expected the disruption to continue throughout June and into July as the online shopping service returns. It added that the incident would also result in increased stock management costs in the second quarter of the financial year.
Stuart Machin, Chief Executive of M&S, said: “We started the new financial year as we finished the last, with sales growth ahead of budget across both businesses. Over the last few weeks, we have been managing a highly sophisticated and targeted cyber-attack, which has led to a limited period of disruption. We have tackled this head on with incredible spirit, teamwork and deep sense of responsibility as we prioritised serving our customers.”
He added: “It has been challenging, but it is a moment in time, and we are now focused on recovery, with the aim of exiting this period a much stronger business. There is no change to our strategy and our longer-term plans to reshape M&S for growth and, if anything, the incident allows us to accelerate the pace of change as we draw a line and move on.”
M&S said that its stores had remained ‘resilient’ throughout the cyber incident. It added that it was confident the group would enter the second half of the year with a strong customer proposition and it would return to the performance it was delivering immediately prior to the incident.