Marks and Spencer cyber recovery – why so long? The experts explain

This morning, Marks and Spencer revealed that it now expects the cost of the Easter weekend’s massive cyber attack on its systems to reach as much as £300m, while the task of recovering from the attack and returning to full digital operability could take us into July.

This comes hot on the heels of Zain Javed, CTO at Lancaster and Manchester-based Citation Cyber, telling Prolific North that the real time to fully recover from the attacks, for M&S as well as fellow victims Co-op and Harrods, could be as long as three years.

For a company like Marks and Spencer, with annual sales of close to £15bn, almost 50% of them online according to the M&S website, as well as nearly 1,500 global stores relying on the firm’s logistics tech, it’s probably understandable that the cost of a few weeks offline, or at least with limited online capabilities, can run into hundreds of millions.

Equally, you’d expect a company with almost £15bn in annual sales to have a pretty clued-up IT and cyber security operation, so why is it taking so long to repair the damage? Prolific North turned to some local experts to find out.

Robert Cottrill, technology director at Manchester-based digital transformation company, ANS, told us: “M&S appears to be taking the appropriate and necessary steps following the cyber attack, with a likely focus on restoring core systems and recovering critical data. The extended disruption may well be a result of attackers having targeted key infrastructure, which takes time to fully assess, secure, and restore. Given the scale and complexity of M&S’s globally connected operations, the recovery process is understandably meticulous, with multiple interconnected systems requiring scrutiny.”

He added that, in the long term, the costs of rushing back online too soon could be higher than those of a long recovery: “It’s essential that M&S prioritises a secure and complete recovery over a rapid one,” he explained. “Rushing to bring systems back online without full assurance of their integrity could risk further compromise. Ensuring robust security at every layer before resumption is not just sensible – it’s vital.

“The major disruption and sales loss M&S has seen following the incident serve as a powerful reminder to all organisations: cybersecurity must be treated as a board-level issue. No business is immune to cyber threats, and those with complex digital ecosystems are particularly vulnerable. Effective incident response plans, regular testing, and collaboration with cybersecurity experts are critical to minimising disruption. But more than that, a proactive approach that includes threat detection, security-by-design principles, and employee awareness is the best defence against increasingly sophisticated attacks.”

Over in Spinningfields, Mike Maddison, CEO of global cyber security company NCC Group, added: “Many people underestimate the full scope of a cyber attack and the time it takes to restore systems to usual functionality. Recovery can often take months, with cyber security teams working tirelessly around the clock to re-establish digital services securely.”

Maddison added that it’s not just loss of systems that takes time to repair, but loss of stakeholder confidence too: “To reassure all those impacted – including consumers, stakeholders, and the wider supply chain – organisations must adopt a rigorous and considered approach to recovery,” he explained. “As part of this process, business continuity and incident response planning are key to ensuring a coordinated and resilient strategy.

“Recovery efforts must also consider all aspects of security, particularly the integrity of backups and the organisation’s ability to restore critical systems even in worst-case scenarios. While this may extend the timeline for getting operations fully up and running, it is essential for moving forward with confidence and reducing the risk of future incidents.”
