M&S pegs cyberattack cleanup costs at £136M as profits slump
- Reference: 1762343683
- News link: https://www.theregister.co.uk/2025/11/05/ms_pegs_cyberattack_cleanup_costs/
The British retailer disclosed the figure in its [2]half-year results Wednesday, having recorded £101.6 million ($132.4 million) in charges for the six months ended September 27. It expects another £34 million ($44.3 million) in the second half.
M&S said £83 million ($108.2 million) was spent on "immediate systems response and recovery," while the other expenses are connected to legal and other professional services.
Much of these costs will be offset by the maximum £100 million ($130.3 million) claim M&S made on its cyber insurance policy, as referenced in [4]May's 2025 profit and loss accounts and reiterated in today's results.
The attack hammered profits, which fell 55.4 percent year-on-year to £184.1 million ($240 million). The retailer had warned in May that the attack could cost £300 million ($391 million) by year-end.
The heavy hit to the bottom was largely attributed to the digital break-in; however, a packaging disposal levy – a new requirement for large businesses to cover the costs of expunging and recycling their packaging – added more than £50 million ($65.1 million) in additional costs.
Revenues rose 22.1 percent to £7.96 billion ($10.36 billion), despite the technical difficulties in fulfilling orders, especially those usually made online or internationally. These processes were among the first to be shut down after [11]the cyberattack.
Sales in its fashion, home, and beauty departments declined 16.4 percent during the reporting period, owing largely to the halt in [12]online orders, which spanned April to June, before gradually returning over the following weeks.
Food sales increased 7.8 percent, although profits were down considerably by 58.8 percent, due to factors such as increased markdown and waste stemming from the manual processes involved in allocating food items to stores.
Stores were open for business, but saw a 3.4 percent reduction in sales, partly due to reduced availability, and UK online sales were down 42.9 percent.
The retailer said one of the earliest actions it took in its incident response was to disconnect warehouse management systems, which in turn meant online and in-store orders were adversely impacted.
It was forced to introduce manual processes to keep the business running, which led to higher stock management costs and a decline in operating profit margin from 12 percent to 2.7 percent.
CEO Stuart Machin [17]said the first half of the year "was an extraordinary moment in time for M&S," but it is "now getting back on track." ®
[1] https://www.theregister.com/2025/04/22/marks_spencer_cyber_incident/
[2] https://corporate.marksandspencer.com/sites/marksandspencer/files/2025-11/marks-and-spencer-hy-2526-rns.pdf
[3] https://www.theregister.com/2025/10/28/marks_spencer_helpdesk_deal/
[4] https://www.theregister.com/2025/05/21/ms_cyberattack_disruption/
[6] https://www.theregister.com/2025/10/22/jaguar_lander_rover_cost/
[7] https://www.theregister.com/2025/05/13/ms_confirms_customer_data_stolen/
[8] https://www.theregister.com/2025/07/22/uk_to_ban_ransomware_payments/
[9] https://www.theregister.com/2025/06/10/ms_resumes_online_orders_46/
[10] https://www.theregister.com/2025/09/25/empty_shelves_empty_coffers_coop/
[11] https://www.theregister.com/2025/04/25/ms_halts_online_orders/
[12] https://www.theregister.com/2025/08/11/ms_restores_click_collect_following/
[15] https://www.theregister.com/2025/06/23/experts_count_the_staggering_costs/
[17] https://corporate.marksandspencer.com/media/press-releases/half-year-results-26-weeks-ended-27-september-2025
[18] https://whitepapers.theregister.com/
Re: Example to others
The maximum claim was £100 million. And you'd imagine M&S wouldn't have the cheap insurance either.
A proper wake up call really for those still asleep.
Re: Example to others
"And you'd imagine M&S wouldn't have the cheap insurance either."
Could be pricier with zero NCD now. They'll have to start looking at the cheap insurers with crap policies on Comparethemarket, but at least they should get a meerkat cuddly toy with next year's policy.
Are you sure?
"The heavy hit to the bottom was largely attributed..."
Shirley you mean "The heavy hit to the bottom line was largely attributed..." unless you're channelling your inner Jimmy Edwards in Whack-O! as per the icon?
zero sympathy
They offshored & outsourced to TCS to save money while sticking the British flag all over its produce & products..... fuck em!!!
From what I understand the initial access was a phone call to an Indian call centre to change a password. Then the encryption encrypted their VMware estate, which in a well structured environment should be impossible without alarms screaming everywhere.
So fuck em! The insurance company should have told them to fuck off as this was about as self inflicted as it gets & NCSC should have told them to fuck off when they came begging for help.
If Vodafone or Lloyds get hacked, I hold them in the same disdain! And if I hear the words "lack of cybersecurity skills in this country" I'm going to stab myself in the face in the reception of the Department of Business, there's 1000s of unemployed guys in infrastructure who can't get jobs because of this offshoring bullshit & the millions of visas handed out to the consultancies to destroy our Tech industry
Re: zero sympathy
And if I hear the words "lack of cybersecurity skills in this country" I'm going to stab myself in the face in the reception of the Department of Business
Please don't do that, for two reasons:
First, I work for the Department of Business and Trade (albeit not in the wildly overcrowded London HQ), but it'd be my colleagues slipping up in the pool of blood, and because a lot of people are working in corridors I might yet see you in the background of a Teams call doing your thing.
Second, the people currently accountable are probably more likely the Department for Science, Innovation and Technology and they're 150 yards down the other end of Whitehall. Or even HMT who are the other direction along Whitehall and round the corner. You wouldn't want to waste your gesture in the wrong place would you?
Re: zero sympathy
" And if i hear the words "lack of cybersecurity skills in this country" I'm going to stab myself in the face"
Recently advertised for 2 analyst roles, had 165 applicants so definitely a bigger pool than I've seen in previous years, definitely people wanting work out there
Re: zero sympathy
I've seen no adverts for face self-stabbers, so cookiecutter needs to make sure he majors on the ITSec skills in his application.
Despite all this somehow my local M&S Food kept the shelves fully stacked all year. Unlike the nearby Morrisons whose shelves are mostly empty at any time of day, any day of the week.
A chunk of the Simply Food stores aren't run by M&S, they're franchised to the organisation formerly known as WHSmith, so maybe it's them you have to thank?
But it's a fair point, that Morrisons (and Asda) were bought by private equity twats who thought it was easy to run a full range supermarket, and have found the hard way that it is incredibly hard.
Benefits
So M&S de facto shat on local IT workforce by choosing foreign "experts" and now is reaping the benefits of the decision.
Look at the corporate gaslighting:
M&S is part of the community where our customers and colleagues live and work. We drive action that makes a meaningful difference in the communities that we serve.
Re: Benefits
Maybe the location they're making a meaningful difference in is Mumbai?
Service, what service?
Don't service providers have to provide the service they are being paid for? If cyber-security was subcontracted to TCS, can anyone explain why TCS aren't paying for their failure?
Or will M&S's Insurers be seeking damages/reparations?
Example to others
You can't just hide behind a cyber insurance policy to justify pulling security investment and poor incident response planning.
You will be left out of pocket and out of ideas.