M&S has revealed the fallout from last month’s cyber-attack will drag on until July- with losses now expected to wipe £300m from profits.
Investigators are pointing to the notorious hacking community, Scattered Spider, as the likely culprit.
The breach has crippled M&S’s operations, with online clothing and home orders being suspended since the attack.
It’s part of a wider wave of cyber threats hitting UK retailers – Co-op and Harrods among the latest victims.
Cyber attacks have cost UK businesses £44 billion over the past five years, with over half suffering at least one breach.
M&S is reportedly claiming up to £100 million from its cyber insurance — potentially one of the largest ever payouts in the UK retail sector.
While cyber insurance premiums had recently eased, a rise in claims is expected to push prices back up.
Marks & Spencer said, “We expect online disruption to continue throughout June and into July as we restart, then ramp up operations.”
M&S chief executive Stuart Machin said, “Over the last few weeks, we have been managing a highly sophisticated and targeted cyber-attack, which has led to a limited period of disruption.”
He added, “This incident is a bump in the road, and we will come out of this in better shape, and continue our plan to reshape M&S for customers, colleagues and shareholders.”
Machin said that during the ank holiday weekend his team identified “suspicious activity,” but just last year they simulated a cyber-attack, so we “was ready.”
He added, “We were able to respond quickly and take the right actions immediately.
“We knew who to call and how to put the business continuity plan into action.”
Camellia Chan, CEO and founder at X-PHY said, “The attack on M&S is another stark reminder that ransomware gangs are evolving faster than traditional defences can cope.
“Groups like Scattered Spider aren’t just locking companies out of their systems – they’re embedding themselves deep inside critical infrastructure, moving quietly, and striking at the worst possible moment.
“Encryption attacks expose the fatal weaknesses of reactive, software-only security. Once systems are compromised, the damage is already done.
“Prevention must be built in from the ground up. Businesses need a multi-layered approach that combines hardware-level security to detect and block attacks early. This should be combined with an AI-driven threat detection layer that automate detection and enforce policies in real time. With human-error contributing to 95% of data breaches, this removes the burden of constant vigilance from employees and constant resilience testing.
“By shifting to proactive, embedded defence strategies where hardware and software work in tandem, businesses can limit the blast radius before they escalate and recover faster. In today’s threat landscape, resilience isn’t a luxury. It’s a survival necessity.”
