Marks & Spencer (M&S) has reported a dramatic fall in profits following the major M&S cyber attack in April 2025, with statutory pre-tax profits dropping from £391.9 million to just £3.4 million in the six months ending 27 September.
The incident severely disrupted the retailer’s online and in-store operations, forcing its website offline and causing widespread stock shortages across food halls. M&S faced increased markdowns and food wastage as teams struggled to manage inventory manually during system recovery.
Financial Impact and Recovery Efforts
According to M&S’s half-year financial report, total costs related to the M&S cyber attack reached £101.6 million—£82.7 million spent on response and recovery, while £18.9 million went toward third-party costs. These losses were partially offset by £100 million in cyber insurance claims.
Chief executive Stuart Machin described the first half of 2025 as a period of “extraordinary challenge,” emphasizing that the company’s financial stability and business strength helped it recover. “We are now getting back on track,” he said. “We are determined to help our customers have a fantastic Christmas with exceptional service and what I truly believe is the best Christmas food and fashion in the market.”
Machin also expressed gratitude to staff, suppliers, and customers for their continued support during the disruption, highlighting the company’s efforts to restore normal operations and rebuild customer confidence ahead of the holiday season.
Experts Warn of Rising Cyber Threats
Security researchers say the M&S cyber attack highlights the increasing scale and sophistication of cyber threats facing large organizations. Joseph Rooke, director of risk insights at Recorded Future’s Insikt Group, noted that the attack illustrates “the significant financial and operational risks” tied to modern cyber intrusions.
“M&S is not the first, and won’t be the last, to make headlines after a serious cyber attack,” Rooke said. “This is a call for organizations across sectors to strengthen defences and invest in intelligence-led cybersecurity strategies that can anticipate and prevent attacks.”
The April attack occurred alongside similar incidents affecting the Co-op Group and Harrods. While Co-op’s losses were also significant, it was less affected operationally. Investigations into the coordinated attacks led to multiple arrests in July, but security analysts continue to monitor the situation as part of broader activity attributed to a hacking group informally known as “Scattered Lapsus$ Hunters.”
Cyber Insurance Limitations
While M&S’s insurance payout provided partial relief, experts cautioned that cyber insurance should not be viewed as a complete safeguard against the financial impact of such incidents. Simon Phillips, chief technology officer at security platform provider CybaVerse, warned that the M&S case demonstrates the limitations of relying solely on coverage.
“Having cyber insurance in place isn’t enough to cover all losses,” Phillips explained. “M&S only recovered a small proportion of its total costs. For many organizations, the best approach to mitigating ransomware and cyber threats remains proactive defence and resilience planning.”
The company’s experience highlights the growing challenges even established enterprises face in defending against complex cyber operations. Analysts suggest that while cyber insurance can help offset certain costs, strong prevention strategies, regular security audits, and rapid response capabilities remain the most effective safeguards.
As M&S works to restore full functionality across its systems and rebuild customer trust, the M&S cyber attack serves as a reminder of the long-term operational and financial consequences that can follow a single major cyber breach.