Marks & Spencer anticipates the financial impact of the cyber attack it suffered earlier this year will amount to £136 million by 2026, as announced today. This figure is in addition to the £100 million insurance income related to the incident, which affected the FTSE 100 firm in April.
The retailer was compelled to halt online orders for nearly two months during the summer, with click and collect services suspended for almost four months. Chief Executive Stuart Machin described the past six months as an “extraordinary moment in time” for the company. He stated, “Today, we are regaining momentum… Our plan to reshape M&S for long-term sustainable growth is unchanged, our ambitions are undimmed, and our determination to knuckle down and deliver is stronger than ever.”
M&S expects to be “recovered and back on track” by spring next year, predicting profits in line with last year’s figures over the next six months despite the lingering effects of the attack. The £136 million cost includes an £83 million charge for immediate response and recovery teams, alongside £18.6 million spent on specialist legal and professional services support.
In early trading, M&S’ share price showed minimal movement, dipping by just one percent.
For the 26 weeks from 27 September, covering the entire period of the cyber attack, M&S reported a half-year fall in profit before tax to £184.1 million, a decrease of £229 million from £413.1 million in 2024. Fashion, home, and beauty sales declined by 16.4 percent, while international sales fell by 11.6 percent. However, food sales rose by 7.8 percent, driven by “improved perceptions of value and quality,” according to the company. “The Food business is now largely recovered… [but] as we have rebuilt online customer traffic in Fashion, Home & Beauty, recovery has been slower,” the company added.
M&S had previously warned markets about the potential impact of the cyber attack, initially estimating the figure at £300 million.
