Marks and Spencer has released its Half Year Report, which shows a significant decline in profits as a result of its recent cyber attack. It was widely reported that the incident may cost the retailer around £130m, while other sources state that it lost over £300m in operating profit. Here, Simon Phillips, CTO of Engineering at CybaVerse, responds to the news.
“This Half Year report provides details around the full scale of the damage caused by the ransomware attack that hit M&S earlier this year.
For many organisations, suffering such losses would signal the end of the road, but fortunately, according to the report, M&S had such a strong 2024 it can weather this storm.
Other business leaders may look at these losses and believe paying ransoms is the lesser of two evils, given demands would rarely reach as high as £229 million, but they shouldn’t be fooled.
Paying ransom demands rarely reinstates full system access and organisations will often still suffer operational downtime and significant losses even after paying.
Furthermore, it’s also evidenced that having cyber insurance in place isn’t enough to cover all attack losses. M&S only recovered a very small proportion of its losses and other organisations should be aware of this.
As a result, when it comes to preparing for ransomware, the most important step is defence.
As an organisation’s environment grows through the onboarding of cloud applications, AI and remote working, security teams must ensure all these assets are covered by the security posture.
They must also run regular automated backups, train staff regularly on the techniques criminals use to breach organisations, especially in the age of AI, plus run regular tabletop exercising to rehearse response and recovery from various cyber events.”
See Marks & Spencer’s results, here: https://corporate.marksandspencer.com/sites/marksandspencer/files/2025-11/m-and-s-half-year-results…



