According to TheRegister.com, Marks & Spencer disclosed that its April cyberattack will cost approximately £136 million ($177.2 million) in total cleanup expenses. The British retailer recorded £101.6 million in charges for the six months ended September 27, with another £34 million expected in the second half. Profits plummeted 55.4% year-on-year to £184.1 million, largely due to the digital breach. Revenues actually rose 22.1% to £7.96 billion despite the attack severely impacting online and international orders. Fashion, home, and beauty sales declined 16.4% during the reporting period, while UK online sales collapsed 42.9% as the company disconnected warehouse management systems and implemented manual processes.
Sponsored content — provided for informational and promotional purposes.
Insurance can’t fix everything
Here’s the thing about that £136 million figure – M&S is getting £100 million back from their cyber insurance policy. But insurance doesn’t cover the real damage. The company had to shut down their warehouse systems, which meant online orders basically stopped for months. They were running manual processes to keep food going to stores, which led to increased waste and markdowns. Food profits dropped nearly 60% despite sales increasing. That’s the hidden cost nobody talks about – when your systems go down, your efficiency disappears and your margins get crushed.
The manual workaround problem
When M&S disconnected their warehouse management systems as part of their incident response, they basically had to go back to the Stone Age. Manual processes for a retailer of their scale? It’s a nightmare. Operating profit margin dropped from 12% to 2.7% – that tells you everything. They were moving stock around like it was 1995 while trying to maintain a 2025 business. And let’s be honest – how many retailers today could actually function manually for months? Most would just collapse.
Long-term damage assessment
CEO Stuart Machin calls it “an extraordinary moment in time,” but I’m skeptical about how quickly they can really bounce back. Fashion sales down 16.4% isn’t just about the cyberattack – it’s about losing customer trust and shopping momentum. When people can’t order online from their favorite retailer for months, they find alternatives. And they might not come back. The fact that they’re still expecting another £34 million in costs tells me this isn’t over. The initial warning was for £300 million – so maybe they got lucky, or maybe they’re just kicking the can down the road.
Bigger picture wakeup call
This should be a massive wakeup call for every major retailer. M&S isn’t some small operation – they’re a British institution. If they can get hit this hard, anyone can. The packaging disposal levy added another £50 million in costs, but that’s almost an afterthought compared to the cyber damage. Basically, modern retail runs on digital infrastructure, and when that fails, everything fails. You can read their half-year results and press release for the official spin, but the numbers don’t lie. This was a near-catastrophic event that exposed how fragile our digital supply chains really are.
