M&S Cyberattack Fallout: Recovery Timeline & Shareholder Concerns
M&S (Marks & Spencer) expects to recover from the worst effects of its devastating cyberattack by August, CEO Stuart Machin has confirmed. The breach, which cost the British retail giant £300 million ($413M) in profits, forced the company to shut down its online store for seven weeks and left shelves empty due to disrupted stock systems.
Key Recovery Milestones
-
Online store (partially reopened) expected to fully restore within four weeks.
-
Automated warehouse systems at Donington to resume normal operations by August.
-
Increased cybersecurity investments—quadrupled budget and tripled staff in the past year.
Shareholders Question Security & Executive Pay
At the M&S annual meeting, investors raised concerns about:
-
Could the attack have been prevented?
-
Chairman Archie Norman acknowledged ongoing investigations but stressed that no system is completely immune.
-
-
Should CEO bonuses be cut?
-
Machin’s pay rose 39% to £7.1M last year, prompting debate over accountability.
-
Norman stated it’s “too early” to decide on bonus adjustments.
-
Strengthening Cybersecurity Defenses
Machin emphasized:
-
Enhanced employee training to combat social engineering attacks (hackers breached M&S via a third-party contractor).
-
Continued cybersecurity investments to prevent future breaches.
What’s Next for M&S?
While recovery is underway, the incident highlights the growing threat of cyberattacks in retail. M&S’s response will be crucial in restoring customer and investor confidence.
