Cyber Attack on Marks and Spencer
The cyber attack on Marks and Spencer department store is expected to cost around £136 million directly. This figure is simply the cost of immediate incident response and recovery, as well as support from specialist legal and professional services.
Financial Impact
Combined with lost sales as the retailer’s online systems were down from Easter into the summer, the company’s statutory profit before tax in the first half of the year was all but wiped out. This profit metric fell from £391.9m last year to £3.4m this year. An increase to “at least the previous year’s level” is expected for the second half of the department store’s fiscal year.
Insurance Coverage
Around £100 million will be recovered from insurance for the cyberattack. Using a different profit measure – M&S Group’s adjusted profit before tax – the figure is more than half what it was last year, from £413m to £184m.
Effects of the Cyber Attack
Sales were affected as online shopping was not possible from the attack date in April to June. Even in the days after the attack, some shelves were empty. The click and collect function was only restored in August. Ransomware hackers breached M&S systems by tricking employees of a third-party contractor.
Sales Performance
While overall sales volumes increased compared to the 12 months prior to fashion, home and beauty sales fell 16.4%, and international sales fell 11.6%. The attack was just one in a series of attacks on major British companies.
Industry Impact
Competitors like Next have said they benefited from the stop in some of the chain’s sales, but strong grocery sales suggest M&S has managed to retain customers. According to M&S managing director Stuart Machin, the company has seen monthly food volume growth for three years in a row. Other companies such as Co-Op, Jaguar Land Rover, and Harrods have had their operations disrupted by cybercriminals.
