Large British retailer Marks & Spencer (M&S) has disclosed that the recent cyber attack is estimated to impact Group operating profit by approximately £300 million for 2025/26.
As a reminder, on 22 April 2025, M&S announced it was responding to a cyber incident that had disrupted its operations. The attack is believed to have been carried out by the threat actor group Scattered Spider, which reportedly used DragonForce ransomware.
In its recent results statement, M&S said, “Since the incident, Food sales have been impacted by reduced availability, although this is already improving. We have also incurred additional waste and logistics costs, due to the need to operate manual processes, impacting profit in the first quarter.
“In Fashion, Home & Beauty, online sales and trading profit have been heavily impacted by the necessary decision to pause online shopping, however stores have remained resilient. We expect online disruption to continue throughout June and into July as we restart, then ramp up operations. This will also mean increased stock management costs in the second quarter.
“Therefore, our current estimate before mitigation is an impact on Group operating profit of around £300m for 2025/26, which will be reduced through management of costs, insurance and other trading actions. It is expected that costs directly relating to the incident will be presented separately as an adjusting item.”
Last week, the Financial Times reported that M&S could claim up to $100 million in losses from its cyber insurance policy following the incident.
WTW is reportedly the broker for the policy, with Allianz acting as M&S’s lead insurer and expected to pay at least the initial £10 million. London headquartered specialist insurer Beazley is also said to be among the insurers exposed to losses if the policy pays out.
“We are focused on recovery, restoring our systems, operations and customer proposition over the rest of the first half, with the aim of exiting this period a much stronger business,” said M&S.
Commenting on the nature of the attack, Simon West, Director of Customer Engagement at Resilience, said that they are particularly concerning due to the use of advanced tactics such as SIM swapping and MFA bypass.
Meanwhile, Rick Welsh, CEO of Killara Cyber, warned that the DragonForce ransomware behind the attack is rapidly emerging as one of the most dangerous threats in the cybersecurity domain globally.
