After months of silence and speculation, Marks & Spencer has officially confirmed the real extent of the cyberattack it suffered earlier this year. The British company has acknowledged that the incident not only paralyzed its online activity for weeks, but also caused millions of dollars in losses and a 55% drop in its biannual profits. The revelation highlights how even the most established brands can falter in the face of a digital security breach and how a lack of resilience can multiply economic damage.

A cyberattack with immediate financial impact

The incident directly affected online and in-store pickup services (“click & collect”), forcing them to be suspended for almost two months. The result was devastating: pre-tax profits fell 55%, from 413 million to just 184 million pounds in the first half of the year. The company estimates that total losses could reach 300 million pounds, of which only a third would be covered by insurance.

The attack not only affected digital sales, but also consumer confidence and the perception of brand security, a difficult blow to reverse in such a competitive market.

Beyond the numbers: a digital resilience issue

The Marks & Spencer case demonstrates that digital resilience, the ability to maintain operational continuity in the face of an attack, is as critical as perimeter defense itself. A simple failure in incident management can result in weeks of inactivity, economic loss and reputational damage that takes years to recover from.

The retail sector, which is highly dependent on online platforms, has become a priority target for ransomware groups and distributed denial-of-service (DDoS) attacks. Every interruption translates directly into lost sales and trust.

Key lessons from the attack

  • Cybersecurity is a business factor, not just a technical one. Its impact can be as significant as a supply crisis.
  • Operational continuity must be planned with real simulations and redundant systems.
  • Cyber insurance is no substitute for prevention: it reduces financial impact, but not loss of reputation.
  • Transparent communication with customers and stakeholders is essential to minimize post-incident damage.

What we recommend from Apolo Cybersecurity

At Apolo Cybersecurity, we analyze these types of incidents as a clear warning for the retail sector. We recommend that organizations:

  • Implement incident response plans (IRP) with rapid decision protocols.
  • Protect critical infrastructure and cloud environments through segmentation, continuous monitoring and early detection of anomalies.
  • Train staff to respond appropriately to a digital attack or interruption.
  • Review backup and recovery management, ensuring that systems can be restored without relying on compromised third parties.

Strengthening digital resilience, the key step to avoid millions of dollars in losses

Cyber attacks don't just cost money: they stop operations, damage reputations and erode customer trust. At Apolo Cybersecurity, we help companies strengthen their digital resilience, optimize their protection against incidents and ensure business continuity in the face of increasingly sophisticated threats.
