Slow recovery ‘appropriate’ to ensure M&S is secure after cyber attack – experts
21 May 2025, 13:44
The retailer has said online shopping could be disrupted until July after the attack over Easter.
The extended disruption to Marks & Spencer following the cyber attack on the retailer is “appropriate” and “necessary” to ensure proper recovery, cyber security experts have said.
M&S halted orders on its website and saw empty shelves after being targeted by hackers around the Easter weekend, and customer personal data, which could have included names, email addresses, postal addresses and dates of birth, was also taken by hackers in the attack.
The retail giant said on Wednesday that “human error” had caused the attack, which is set to cost the firm around £300 million, and chief executive Stuart Machin confirmed disruption could last until July.
Robert Cottrill, technology director at digital firm ANS, said it was “vital” M&S took its time to get system recovery right, in order to ensure security and prevent future incidents.
“M&S appears to be taking the appropriate and necessary steps following the cyber attack, with a likely focus on restoring core systems and recovering critical data,” he told the PA news agency.
“The extended disruption may well be a result of attackers having targeted key infrastructure, which takes time to fully assess, secure and restore.
“Given the scale and complexity of M&S’s globally connected operations, the recovery process is understandably meticulous, with multiple interconnected systems requiring scrutiny.”
“It’s essential that M&S prioritises a secure and complete recovery over a rapid one. Rushing to bring systems back online without full assurance of their integrity could risk further compromise.
“Ensuring robust security at every layer before resumption is not just sensible – it’s vital.
“The major disruption and sales loss M&S has seen following the incident serve as a powerful reminder to all organisations: cybersecurity must be treated as a board-level issue. No business is immune to cyber threats, and those with complex digital ecosystems are particularly vulnerable.
“Effective incident response plans, regular testing and collaboration with cybersecurity experts are critical to minimising disruption.
“But more than that, a proactive approach that includes threat detection, security-by-design principles, and employee awareness is the best defence against increasingly sophisticated attacks.”
Mike Maddison, chief executive of cyber security firm NCC Group, agreed that a “rigorous and considered approach” was the best way to help reassure customers and others.
“Many people underestimate the full scope of a cyber attack and the time it takes to restore systems to usual functionality,” he said.
“Recovery can often take months, with cyber security teams working tirelessly around the clock to re-establish digital services securely.
“To reassure all those impacted – including consumers, stakeholders and the wider supply chain – organisations must adopt a rigorous and considered approach to recovery.
“As part of this process, business continuity and incident response planning are key to ensuring a co-ordinated and resilient strategy.
“Recovery efforts must also consider all aspects of security, particularly the integrity of backups and the organisation’s ability to restore critical systems even in worst-case scenarios.
“While this may extend the timeline for getting operations fully up and running, it is essential for moving forward with confidence and reducing the risk of future incidents.”
