Ransomware hackers tricked third-party contractor, costing M&S roughly £136m

The recent cyber attack on Marks & Spencer (M&S) serves as a reminder of how devastating a single breach can be for even the most established brands. At CSG, we believe every business, large or small, must take proactive steps to prevent such incidents. Here’s what happened, what we can learn, and how CSG can help you stay secure.

What happened at M&S?

Earlier this year, M&S suffered a major ransomware attack that forced the retailer to take critical systems offline, including its website and app. This disruption lasted for weeks, halting online sales and impacting logistics and in-store services. The breach was linked to human error, which allowed attackers to infiltrate systems.

The consequences were severe:

  • Online home and fashion sales plunged by 42.9%
  • Click & Collect and home deliveries were suspended
  • Some stores reverted to manual processes for stock and payments

Financially, the impact was staggering. M&S reported £324 million in lost sales, with direct recovery costs of £136 million. Profits almost disappeared, dropping from £391.9m to £3.4m. Customer data, including names, email addresses and dates of birth, were compromised, though payment details remained secure. Beyond the numbers, the reputational damage was significant, with competitors gaining market share during M&S’s downtime.

Key lessons for businesses

  1. Human error is a major risk
    Phishing and social engineering remain common entry points for attackers. Employee awareness is critical.
  2. Downtime costs more than ransom
    Operational disruption and lost sales often far exceed the ransom demand or recovery costs.
  3. Customer trust is fragile
    Data breaches can lead to legal exposure under GDPR and long-term reputational harm.

How CSG can protect your business

At CSG, we focus on protecting your business against the most advanced cyber threats. Our ongoing managed services give your business a well-rounded approach, leaving no vulnerabilities. Here’s how we can support your business:

1. Cyber Essentials & compliance

Achieve Cyber Essentials Plus certification to meet UK standards and reduce risk from common attacks. Many industries and supply chains require businesses to meet specific cyber security standards. Cyber Essentials certification ensures that your organisation complies with these requirements, enhancing your credibility and trustworthiness.

2. Advanced threat protection

Our 24/7 Managed SOC monitors your systems in real time, while advanced endpoint protection blocks ransomware and malware before they spread. Our approach includes continuous monitoring, advanced threat detection and rapid incident response to protect your business around the clock.

3. Vulnerability & penetration testing

Regular testing identifies weaknesses before attackers do. We also manage patches and configurations to keep systems secure. Penetration testing involves simulating cyber attacks on systems, networks or applications to identify vulnerabilities before malicious actors exploit them. It requires a combination of technical skills, tools and methodologies to ensure the security assessments are valuable.

4. Incident response & disaster recovery

In the event of an attack, our rapid response team contains and remediates threats. Our backup and disaster recovery solutions ensure business continuity. CSG works in data recovery and network redundancy, as well as disaster recovery testing and planning. Our experienced team can assess your current processes and identify any risks that could threaten the continuity of your business, ensuring you’re in the best position to adapt and recover should something happen.

5. Staff awareness training

Human error was the cause of this cyber attack and millions of others. We deliver ongoing cyber awareness programs and simulated phishing campaigns to reduce human error and strengthen employee vigilance.

The M&S attack shows how quickly a cyber incident can spiral into a financial and reputational crisis. Protect your business today with CSG’s cyber security solutions.
