What happened in the M&S cyber attack and what your business can take away from it 

The M&S cyber attack 

In April, Marks & Spencer (M&S) became the victim of a targeted cyber attack that disrupted its operations and highlighted the continued growth of vulnerabilities in corporate cybersecurity. The attack occurred over the Easter weekend, initially affecting click-and-collect and contactless payment systems. Shortly after, M&S was forced to suspend online ordering entirely, displaying a banner on its website apologising for the inconvenience. 

M&S’s chief executive, Stuart Machin, revealed that the hackers gained access to its systems through a “third party” vendor working alongside the retailer, rather than by directly breaching M&S’s own infrastructure.

The hackers used social engineering techniques, exploiting human error or misjudgement rather than purely technological weaknesses.

At CSG, we prioritise empowering our customers with the knowledge and tools they need to stay ahead of cybersecurity threats. Through educational programs, we promote awareness of IT security best practices, emphasising the critical role of vigilance in preventing attacks.  

From workshops on recognising phishing attempts to implementing third-party risk management processes, our guidance ensures businesses are better prepared to protect every element of their operations. Continuous learning and proactive defence measures help your business build a protected infrastructure, underscoring that awareness is the cornerstone of effective cybersecurity.

This targeted attack caused significant disruption, with online operations gradually resuming throughout June and into July. The retailer estimates that the attack will reduce profits for the current year by £300 million, a one-off loss only partly mitigated by cyber insurance coverage, before any account is taken of the damage to its reputation.

The immediate impact of the attack 

The consequences of the attack include: 

  • Customers were unable to order online for nearly a month, affecting M&S’s fashion, home and beauty divisions. 
  • Food sales were reduced due to diminished availability from supply chain disruptions. 
  • Additional waste and logistical costs arose from the use of manual processes to mitigate the system outage. 
  • Future risks loom, including potential fines, litigation and investments in future-proofing the business. 

M&S stated that it had taken its systems offline to protect customer data and prevent further damage. However, the disruption is another example of the urgent need for businesses to review their cyber security strategies so that they are PROACTIVE rather than REACTIVE.

At CSG, we ensure that every part of your business is protected, from staff knowledge to industry-leading disaster recovery solutions. 

Lessons learned 

1. No business is immune 

Every business is at risk of falling victim to a cyber-attack, from small businesses to global chains. The group behind this attack, Scattered Spider (also referred to as UNC3944), a hacking group mostly made up of teens and young adults believed to live in the United States and the United Kingdom, is believed to have been responsible for similar breaches at Co-op and Harrods, with M&S suffering the biggest impact. The attack serves as a stark reminder that all businesses, regardless of size or sector, are potential targets.

2. The importance of third-party risk management 

The hackers gained access to M&S systems through a third-party vendor, highlighting the critical need to assess and manage third-party risks effectively. At CSG, we specialise in managing our customers’ third-party vendors, from Microsoft to Sophos, Cisco, HP and more. We can help give you confidence that your partners and vendors are following the latest cybersecurity standards, whilst conducting regular audits to identify vulnerabilities in the supply chain.

3. Proactive incident response planning 

M&S had conducted a cyber attack simulation the previous year and was therefore able to respond quickly and effectively. The company’s business continuity plan was activated immediately, minimising further damage. This demonstrates the importance of regular scenario planning and preparedness, ensuring that teams know who to call and how to respond when an attack occurs. Our team can help you develop a reliable incident response plan so that you can react quickly too.

4. Social engineering awareness 

Social engineering played a significant role in this attack, emphasising the need for ongoing cybersecurity training for employees. Staff at all levels must understand the tactics used by attackers and keep up to date with the latest ones.

CSG provides regular webinars and training experiences for your staff that can increase their confidence when it comes to dealing with a cyber threat.

5. Cyber-insurance is essential but limited 

While M&S expects its cyber insurance policy to cover part of the £300 million loss, it is clear that insurance alone cannot fully mitigate the financial and reputational damage caused by a cyber-attack. Businesses must combine insurance with industry-leading preventive measures to minimise risks. Let CSG take this headache away for you.

How you can avoid similar attacks 

The M&S attack serves as a wake-up call for organisations worldwide. To ensure a similar incident does not happen to your business, consider the following steps: 

1. Strengthen third-party relationships 

CSG are Microsoft solutions partners and a Sophos managed security services provider (MSSP), meaning we use the most up-to-date and advanced security solutions for your business. We have been protecting companies against cyber attacks since the 80s, demonstrating our dedication to and standing in the industry.

2. Invest in cybersecurity training 

When you partner with CSG, you can easily equip employees with the knowledge and tools they need to recognise social engineering attempts and other cyber threats. Regular workshops and simulations, held virtually and in house, can instil a culture of security awareness across your business.

3. Update and monitor systems 

Your infrastructure is the foundation for business growth and for staying protected. Without a high-performing IT infrastructure, you are putting your business at risk of a breach. We recommend reviewing your infrastructure regularly. Set up your first meeting with CSG today so we can come down and evaluate your systems in person.

4. Develop and test incident response plans 

CSG are experts in developing industry-specific incident response and recovery plans. As of 2025, approximately 45% of businesses in the UK have a business continuity plan in place. This is a big increase from previous years, emphasising the demand for all businesses to fine-tune their disaster recovery plan with an expert.

5. Allocate resources 

Investing in your IT systems and cyber security is no longer a choice. The risk of not having advanced security measures, such as MFA and firewalls, is greater than ever, and the UK government emphasises more than ever that businesses need to treat cyber security as their top priority.

Viscount Camrose, Minister for AI and Intellectual Property, said:  

“Cyber attacks are as damaging to organisations as financial and legal pitfalls, so it’s crucial that bosses and directors take a firm grip of their organisation’s cyber security regimes – protecting their customers, workforce, business operations and our wider economy.” 

CSG’s customers continue to receive 24/7 protection against threats, which is why we continue to serve a range of industries, protecting them against cyber-attacks through software such as the Sophos firewall.

“The process of setting up Sophos firewall HA has gone very smoothly. It’s a reliable and trustworthy system that due to CSG’s accreditations with Sophos, we have complete trust in.”  – James Porch, Business Services Director at Dale Maintenance. 

6. Cyber Essentials

Businesses certified with Cyber Essentials are approximately 60% less likely to suffer a cyber attack than those without certification. By adopting this government-backed scheme, businesses significantly improve their cyber resilience and protect critical assets. We understand that some of the Cyber Essentials self-assessment questions can be challenging, especially if you lack a technical IT background or have a complex company structure. Our team at CSG is here to provide reliable and cost-effective cybersecurity advice and practical support.

Your next steps: review your infrastructure with CSG 

The recent M&S cyber-attack demonstrates that no business is immune from becoming a target. By learning from this incident and proactively addressing cybersecurity risks, businesses can strengthen their defences, protect their customers and ensure operational continuity even in the face of sophisticated threats. As Stuart Machin aptly noted, such disruptions can serve as a catalyst for positive change, accelerating innovation and transformation in the digital era. 

Set up your chat with CSG today so that we can help protect your business.

Explore our resources to see how we’ve supported businesses across the UK with disaster recovery.

Speak to an IT Specialist

To find out more or to talk to one of our experts, contact us today.