The way M&S addresses its cyber-attack could significantly influence its future and affect its customers.
The recent cyber-attack on Marks & Spencer is projected to result in a staggering £300 million loss in profits for the company this year. The retailer aims to restore its online shopping services to normal by August, over three months after its IT systems were compromised. Customers who rely on M&S for clothing and food can breathe a sigh of relief amid the uncertainty. However, this significant disruption and financial impact highlight the urgent need for major retailers to reassess their approach to cybersecurity. It must become a top priority, as few marketing strategies or HR initiatives can offset a £300 million loss in such a short timeframe. A more robust cybersecurity framework could potentially have mitigated this crisis.
While M&S faced a particularly severe incident, most cyber-attacks do not directly affect customers to this extent, with recovery often occurring behind the scenes. In this case, M&S shoppers experienced a collapse in online orders, failed contactless payments, and issues with refunds, gift cards, and loyalty points. Disruptions in stock management and warehousing led to empty shelves and increased food waste. On June 27, M&S issued a public apology and offered a £5 digital gift card to affected customers. Research indicates that the effectiveness of the recovery process is crucial for maintaining customer loyalty. Although it remains unconfirmed, it is possible that a ransom was paid to the attackers. Even after normal operations resume, stolen customer data can lead to identity theft and other criminal activities, underscoring the need for businesses to treat cybersecurity as a fundamental aspect of their operations.