According to TheRegister.com, Marks & Spencer disclosed that its April cyberattack will cost approximately £136 million ($177.2 million) in total, with £101.6 million already recorded in charges for the six months ended September 27 and another £34 million expected in the second half. The attack hammered profits, which fell 55.4% year-on-year to £184.1 million, despite revenues rising 22.1% to £7.96 billion. The retailer spent £83 million on immediate systems response and recovery, with the rest going to legal and professional services. Much of these costs will be offset by the maximum £100 million claim M&S made on its cyber insurance policy. The company had initially warned the attack could cost £300 million by year-end, but the actual impact appears less severe than feared.
Sponsored content — provided for informational and promotional purposes.
The real cost goes beyond the insurance check
Here’s the thing about cyber insurance – it covers the direct financial hit, but it doesn’t fix the operational chaos. M&S had to disconnect warehouse management systems immediately, which meant online and international orders basically stopped dead. Fashion, home, and beauty sales dropped 16.4% during the reporting period, and UK online sales collapsed by 42.9%. Stores stayed open but still saw a 3.4% reduction because they couldn’t get products properly.
Manual processes crush margins
This is where the real damage happened. The company was forced to introduce manual processes to keep the business running, and that absolutely destroyed their operating efficiency. Their operating profit margin plummeted from 12% to 2.7% – that’s catastrophic. Food sales actually increased 7.8%, but profits in that division dropped 58.8% because they were dealing with increased markdowns and waste from manual allocation processes. Basically, they were moving food around like it was 1995 instead of using their modern systems.
Recovery story vs reality
CEO Stuart Machin called it “an extraordinary moment in time” and says they’re “now getting back on track.” But look at the numbers – when your operating margin goes from 12% to 2.7%, that’s not just a temporary blip. That suggests fundamental operational breakdowns that take months, maybe years, to fully recover from. And let’s not forget the £50 million hit from that new packaging disposal levy that added to their troubles. The official results show they’re trying to put a positive spin on things, but the underlying numbers tell a much tougher story.
Cyber insurance isn’t enough
So M&S gets most of their money back from insurance – great. But what about the lost customer trust? What about the operational scars that will linger for years? Their press release talks about getting back on track, but when you’ve had to manually run a modern retail operation for months, that leaves permanent damage. The real lesson here isn’t about having good insurance – it’s about having systems resilient enough that you don’t need to go manual in the first place. Because once you’re manually allocating inventory in 2025, you’re already losing.
