M&S cyber attack is a wake up call for retailers
The M&S cyber attack that has taken almost 3 months and cost the business £650 million in lost value…
In April, customer data was compromised, including names, dates of birth, contact details and order histories for 9.4 million active customers. Payment card details remained safe. The breach exploited a SIM swap at a third-party provider. Online trading halted for six weeks. Reported costs reached up to £300 million, partly covered by insurance, with claims around £100 million. This incident signals risks for all retailers. Smaller businesses must learn key lessons.
Why does the M&S cyber attack matter to your business?
Every retailer depends on systems and data. Cyber criminals target operations without warning. Often they exploit third-party weaknesses. Therefore, resilience starts with understanding exposures. Many SMEs lack deep IT defences. Consequently, they face rising risk. Moreover, brand trust can vanish overnight.
Customers expect safe services. Failure to protect data harms reputation. Thus, proactive steps are vital. You can limit damage before it strikes.
What happened at M&S
Early signs appeared over Easter weekend 2025. Click and collect and contactless payments failed. By 23 April, M&S confirmed a cyber incident. Scattered Spider, a known hacking group, used ransomware and SIM swap tactics. This bypassed help desk controls. As a result, systems locked and operations halted. Online and phone orders stopped from 25 April. Recovery took until 10 June 2025. Costs mounted at £15 million weekly in lost revenue. Share value dropped sharply. Investigations by the police and the National Crime Agency followed. Online orders only began resuming on 10 June 2025, almost 3 months after the attack.
Lessons SMEs can learn from the M&S cyber attack:
- Review third-party risk. Suppliers and partners can introduce vulnerabilities. Therefore, vet all providers. Ask about their security measures. Require clear breach notification clauses.
- Strengthen password and access policies. SIM swap attacks exploit weak authentication. Consequently, use multi-factor methods and secure reset protocols.
- Maintain up-to-date backups. Regular backups help recovery after ransomware. Moreover, test restoration regularly.
- Train staff to spot phishing. Human error remains a top cause of breaches.
- Monitor for unusual activity. Early detection helps contain incidents.
How to build cyber resilience for your business
Start by mapping data flows. Know where data resides and who accesses it. Then assess critical systems. Prioritise protection for high-risk areas. Next, implement basic cyber hygiene. For example, use strong passwords and apply patches promptly.
In addition, plan incident response. A clear plan reduces chaos if a breach occurs. Meanwhile, involve senior leaders to ensure buy-in.
Also, consider cyber insurance. It cannot stop attacks. However, it can ease financial strain after incidents. Finally, schedule regular reviews. Threats evolve fast. Policies should adapt accordingly.
Why insurance matters after a cyber attack
Cyber insurance offers essential support. Policies can cover loss of income, forensic costs and legal fees. They often include access to specialists. For instance, they can fund PR advisers to manage reputational impact. Moreover, insurers may help with breach notifications. This guidance speeds compliance and recovery. Without cover, costs can overwhelm smaller firms. Even large retailers face heavy losses. Therefore, review your policy terms now. Ensure sums insured match potential exposures. Discuss specific scenarios with your broker.
Next steps for your business
Begin with a risk assessment. Identify systems and data you cannot afford to lose. Then test your defences. Use external audits or penetration tests. Train everyone in your team. Use real examples to reinforce risks and responses. Engage leaders in cyber planning. Secure commitment to invest in resilience. Review your cyber insurance cover. Confirm it addresses incident costs and lost income. Finally, keep plans current. Update as threats or business needs change.
Contact us today to claim your free cyber risk assessment
Robison & Co support
At Robison & Co, we guide you through cyber resilience. We help you to:
- Assess third-party risks.
- Design policies for data and systems.
- Advise on incident response planning.
- Review insurance cover to match your needs.
- Support you when incidents occur.
Our bespoke approach reflects your business scale and sector. With expert guidance, you can face threats confidently.