M&S Cyberattack Recovery: CEO Says Worst Impact Will Be Over By August

M&S Cyberattack Fallout: Recovery Timeline & Shareholder Concerns

M&S (Marks & Spencer) expects to recover from the worst effects of its devastating cyberattack by August, CEO Stuart Machin has confirmed. The breach, which cost the British retail giant £300 million ($413M) in profits, forced the company to shut down its online store for seven weeks and left shelves empty due to disrupted stock systems.

Key Recovery Milestones

• Online store (partially reopened) expected to fully restore within four weeks.

• Automated warehouse systems at Donington to resume normal operations by August.

• Increased cybersecurity investments—quadrupled budget and tripled staff in the past year.

Shareholders Question Security & Executive Pay

At the M&S annual meeting, investors raised concerns about:

1. Could the attack have been prevented?

   • Chairman Archie Norman acknowledged ongoing investigations but stressed that no system is completely immune.

2. Should CEO bonuses be cut?

   • Machin’s pay rose 39% to £7.1M last year, prompting debate over accountability.

   • Norman stated it’s “too early” to decide on bonus adjustments.

Strengthening Cybersecurity Defenses

Machin emphasized:

• Enhanced employee training to combat social engineering attacks (hackers breached M&S via a third-party contractor).

• Continued cybersecurity investments to prevent future breaches.

What’s Next for M&S?

While recovery is underway, the incident highlights the growing threat of cyberattacks in retail. M&S’s response will be crucial in restoring customer and investor confidence.