M&S Cyberattack: £136 Million Price Tag as Profits Collapse 55%
Marks & Spencer has revealed the full financial impact of its April 2025 cyberattack, with total costs reaching £136 million and profits plummeting by more than half. The incident demonstrates how a single cyber breach can devastate even large retailers' financial performance and operational capabilities.
The Financial Damage
In its half-year results for the six months ended 27th September, M&S disclosed £101.6 million in charges already incurred, with another £34 million expected in the second half of the financial year. The breakdown shows £83 million spent on immediate systems response and recovery, with remaining expenses covering legal and professional services.
The retailer will offset some costs through its cyber insurance policy, claiming the maximum £100 million coverage. However, this still leaves M&S bearing £36 million in unrecovered costs—and that's assuming the insurance claim is paid in full without dispute.
Profits fell dramatically by 55.4% year-on-year to £184.1 million. Whilst the cyberattack bore primary responsibility for this collapse, a new packaging disposal levy added over £50 million in additional costs, compounding the financial pressure.
The attack's impact appears less severe than initially feared. M&S had warned in May that costs could reach £300 million by year-end, suggesting the company's recovery efforts proved more effective than worst-case scenarios anticipated.
Operational Disruption
Despite technical difficulties, revenues actually rose 22.1% to £7.96 billion—testament to M&S's brand strength and the effectiveness of manual workarounds implemented during the crisis. However, this revenue growth masks significant operational struggles across different business units.
Sales in fashion, home, and beauty departments declined 16.4% during the reporting period, driven largely by the complete halt in online orders spanning April to June. Online services returned gradually over following weeks, but recovery remained incomplete throughout the reporting period.
Food sales increased 7.8%, yet profits in this division collapsed 58.8%. Manual processes for allocating food items to stores resulted in increased markdown and waste. Store sales fell 3.4% partly due to reduced product availability. UK online sales plummeted 42.9%.
The Response Strategy
One of M&S's earliest incident response actions involved disconnecting warehouse management systems. This decision, whilst protecting systems from further compromise, meant online and in-store orders faced immediate adverse impact.
The retailer implemented manual processes to maintain business continuity. These workarounds kept stores operational but dramatically increased stock management costs. Operating profit margin collapsed from 12% to just 2.7%—a staggering decline showing how cyber incidents affect operational efficiency even after systems are restored.
The manual processes proved particularly problematic for food operations, where timing and stock rotation are critical. Increased waste and markdown from less efficient allocation methods severely impacted profitability despite maintaining sales volumes.
Broader Implications
M&S's experience illustrates several critical realities about cyberattacks on retail operations. First, cyber insurance provides important financial protection but rarely covers full costs. The £36 million gap between total costs and insurance coverage represents real money the business must absorb.
Second, immediate technical costs represent only part of the picture. Legal fees, professional services, operational inefficiencies, and lost sales compound the damage. M&S's operating margin collapse from 12% to 2.7% shows how cyber incidents undermine profitability even after technical systems are restored.
Third, recovery takes months, not weeks. Online orders halted in April didn't fully recover during the reporting period ending September. Business disruption extends far beyond initial incident response.
Fourth, even with manual workarounds maintaining operations, efficiency losses prove enormously expensive. The food division's 58.8% profit decline despite 7.8% sales growth demonstrates how manual processes destroy margins.
Looking Forward
CEO Stuart Machin described the first half as "an extraordinary moment in time" for M&S, stating the company is "now getting back on track." The full recovery timeline remains unclear, as does whether operating margins will return to pre-attack levels.
For retailers and other organisations, M&S's experience provides a stark case study in cyber incident costs. The £136 million price tag, 55% profit decline, and months-long operational disruption underscore why cybersecurity investment matters—and why incident response planning must account for prolonged business impact, not just technical recovery.
Protect Your Business from Cyber Threats
At Altiatech, we help organisations implement comprehensive cybersecurity strategies that prevent attacks and minimise impact when incidents occur. Our services include security assessments, incident response planning, and ongoing threat monitoring to protect your operations and financial performance.
Get in touch:
📧 Email:
innovate@altiatech.com
📞 Phone (UK): +44 (0)330 332 5482
Prevent attacks. Protect profits. Maintain operations.
