In defence of Marks and Spencer as UK retailer gears up for eye watering £300 million profit hit from cyber attack

Over the last few weeks, there’s been a lot of noise surrounding a high profile cyber attack on M&S. some of it informed, some of it not. As someone who works in cybersecurity, Mark Hughes, CSO at The National Lottery, has taken to social media to add a more grounded perspective.

As it released full year results for the 52 weeks ended 29th March 2025, M&S this morning said it will lose an estimated £300 million as a result of the cyber attack that has forced it to halt online orders and struggle to keep store shelves stocked. This has been linked to a hacking collective known as Scattered Spider.

Earlier this month, an M&S insider talked to Sky News about chaotic scenes at the UK high street giant and claimed there was no business continuity plan in place.

In a LinkedIn post, Hughes said: “Firstly just because one person interviewed by Sky News says there isn’t a plan, doesn’t actually mean there isn’t, it means that specific person wasn’t aware of it (probably because they aren’t relevant to responding to the attack). Writing such a story based on one insider’s' gossip to the press is a not the most robust piece of journalism in my view.”

He added: “The attack carried out by Scattered Spider is not your average cyber incident. This group are an advanced and aggressive threat actor who have targeted some of the world’s largest organisations using techniques that would test even the most mature security teams.”

What often gets missed in the commentary is what M&S actually did do, Hughes argued, namely: It has worked directly with the NCSC to understand and share threat intelligence - not just for its benefit, but to warn others.

It also operated under enormous pressure and kept business continuity moving during a live incident, and the transparency of communications has been a lesson to all. And add to this, M&S’s cyber and tech teams have been working around the clock for weeks - “a reality many of us in the field can relate to but few outside understand at all,” Hughes observed.

He concluded: “To be clear, no organisation is immune from targeted attacks. What matters is how you respond - and from what I can see, M&S responded with integrity, urgency, and a willingness to collaborate across the industry. This is my message to the M&S cyber and tech teams: your work matters. You’ve likely prevented others from falling victim, even while still managing your own recovery. That’s the kind of leadership our industry needs more of.”

2025 RTIH INNOVATION AWARDS

Cyber security will be a key focus area at the 2025 RTIH Innovation Awards.

The awards, which are now open for entries, celebrate global tech innovation in a fast moving omnichannel world.

Our 2024 hall of fame entrants were revealed during an event which took place at RIBA’s 66 Portland Place HQ in Central London on 21st November, and consisted of a drinks reception, three course meal, and awards ceremony presided over by comedian Lucy Porter.

In his welcome speech, Scott Thompson, Founder and Editor, RTIH, said: “The event is now into its sixth year and what a journey it has been. The awards started life as an online only affair during the Covid outbreak, before launching as a small scale in real life event and growing year on year to the point where we’re now selling out this fine, historic venue.”

He added: “Congratulations to all of our finalists. Many submissions did not make it through to the final stage, and getting to this point is no mean feat. Checkout-free stores, automated supply chains, immersive experiences, on-demand delivery, next generation loyalty offerings, inclusive retail, green technology. We’ve got all the cool stuff covered this evening.”

“But just importantly we’ve got lots of great examples of companies taking innovative tech and making it usable in everyday operations - resulting in more efficiency and profitability in all areas.”

Congratulations to our 2024 winners, and a big thank you to our sponsors, judging panel, the legend that is Lucy Porter, and all those who attended November's gathering. 

For further information on the 2025 RTIH Innovation Awards, please fill in the below form and we will get back to you asap.