M&S Cyber Attack: What Businesses Should Know
By Taliah | Outsourced IT Support
Incidents like the recent Marks & Spencer cyber attack are a reminder that cyber threats can strike any organisation at any time, causing rapid disruption and damaging trust.
The attack forced the retailer to suspend online orders and led to significant operational challenges and a sharp drop in market value.
For businesses, this is not a call to panic, but a reminder to prioritise preparation: strengthening cyber defences, establishing robust incident response plans, and maintaining transparent communication to safeguard both business continuity and customer confidence.
Key Lessons and How to Prepare
Build Resilient Cyber Defences
Invest in layered security: keep systems patched, use strong passwords and multi-factor authentication, and regularly review user access. Proactive vulnerability scanning and endpoint protection can help detect threats before they escalate.
Develop and Test an Incident Response Plan
A well-defined, regularly tested incident response plan ensures your team knows exactly how to act under pressure. Assign clear roles, establish escalation paths, and rehearse scenarios so everyone is ready to respond quickly and effectively.
Prioritise Transparent Communication
Open, honest communication with customers, staff, and regulators helps maintain trust during a crisis. Prepare templates and protocols in advance, so you can provide timely updates and guidance if an incident occurs.
Know Your Regulatory Obligations
FCA-regulated firms must report significant cyber incidents quickly. Understand the requirements and have processes in place to notify the FCA, ICO, and other relevant bodies within the required timeframes.
Train Your People Continuously
Human error remains a leading cause of breaches. Regularly train staff on phishing, social engineering, and cyber security best practices. Simulate attacks to keep everyone alert and aware.
The M&S attack serves as a firm reminder that cyber resilience is built on preparation, not panic. Strengthening defences, planning for the unexpected, and fostering a culture of transparency and readiness are essential to protecting both reputation and customer trust. Cyber security must be treated as a fundamental business priority, integrated into all levels of strategy and operations.