The M&S cyberattack earlier this year wiped away more than half the company’s profits, according to its half-year financial report – highlighting why cybersecurity is becoming an urgent and growing priority for online retailers
The British retail giant’s profit before tax for the six months leading to 27 September 2025 was £184.1 million – down £229 million YoY. The adjusted profit also includes a £100 million insurance payout relating to the cyberattack. Despite the disruption, food sales at M&S increased by 7.8%, however Fashion, Home & Beauty plunged 16.4%, and international sales dropped 11.6%. Ocado Retail posted a £3.1m operating loss, while the interim dividend edged up to 1.2p.
The fallout from the cyberattack
As well as exposing M&S customer data, the ransomware breach by the Scattered Spiders group in April suspended online orders for six weeks and shut down automated stock and logistics systems, forcing stores to revert to manual processes and leaving shelves empty. Although M&S had previously estimated the cost of the cyberattack at around £300 million, meaning that this half-year financial statement is a significant improvement on expectations, the hit to the company’s profits is a serious blow, nonetheless.
CEO Stuart Machin described the first half of the year as “an extraordinary moment in time for M&S” but added that “the underlying strength of our business and robust financial foundations gave us the resilience to face into the challenge and deal with it. We are now getting back on track.”
The M&S cyberattack and its impact on the company’s profits raises questions about what online retailers need to do to protect themselves from significant damage. As Simon Phillips, CTO of Engineering at cybersecurity company CybaVerse points out, for many less resilient retailers, the losses suffered by M&S “would signal the end of the road.” But, in a year that’s also seen Jaguar Land Rover, Harrods and Co-op disrupted by cyberattacks, it’s unlikely hackers are going to stop targeting retailers any day soon. Cybersecurity firm PureCyber says that, in the first quarter of this year alone, ransomware attacks on UK retailers surged by an alarming 74.71%.
And as retailers continue to search for growth by developing cloud applications and AI capabilities, opportunities are opened up for cybercriminals, meaning ransomware attacks are likely only to increase. So how can retailers prepare for this? Insurance can mitigate some of the damage – as the M&S case demonstrates – but not all of it, and paying the ransom demanded by the hackers is, as Simon Phillips points out, unlikely to reinstate full system access or make up for lost operational downtime.
Defence – the best strategy
Phillips believes that defence is the most important strategy for online retailers. “As an organisation’s environment grows through the onboarding of cloud applications, AI and remote working, security teams must ensure all these assets are covered by the security posture,” he states. “They must also run regular automated backups, train staff regularly on the techniques criminals use to breach organisations, especially in the age of AI, plus run regular tabletop exercising to rehearse response and recovery from various cyber events.”
The M&S results act as a stark warning for the retail sector: even the most established brands are vulnerable to ransomware attacks that can wipe out hundreds of millions in profit and cripple operations for weeks. With hackers targeting retailers at scale and exploiting cloud and AI-driven environments, cybersecurity can no longer be an afterthought. Defence-first strategies – robust security posture, regular backups, staff training, and rehearsed recovery plans – are now essential for survival in an era where resilience is the ultimate competitive advantage.
Stay informed
Our editor carefully curates two newsletters a week filled with up-to-date news, analysis and research. Click here to subscribe to the FREE newsletter sent straight to your inbox. Why not follow us on LinkedIn to receive the latest updates on our research and analysis?
