Estimated reading time: 4 minutes
British retailer Marks & Spencer has started receiving substantial cyber insurance claims payouts from its April cyberattack. “Insurance income proceeds of £100.0m (app. $132 million), in respect of the incident, recorded centrally in adjusted profit,” the Company reported in its November 5th earnings report.
But headlines on the report focused on the dramatic decrease in profits reported by the Company.
Cyberattack Slashed Marks & Spencer Sales
Cyber insurance claims paid to the Company have been substantial, but the impact of the ransomware attack was severe, from top to bottom lines. “Sales declined by 16.4%, primarily due to the pause in online from late April to early June. The restoration of the online offer was phased, with home delivery resuming in June and click and collect restored in August,” Marks & Spencer reported.
“Practically All” Operational Systems Have Recovered
The Company provided an update on the attack and the firm’s recovery from it: “We entered 2025/26 with strong trading momentum and a clear plan to invest in transformation and growth. However, in the first few weeks of the financial year, we experienced a cyber incident. We responded quickly and took immediate action to protect our customers, our suppliers and the business which included proactively taking some of our systems offline. Since the incident, we have prioritised recovery across our technology estate and restoring operations. Our customer-facing systems were restored in the summer, and practically all operational systems have now been recovered. We continue to strengthen their resilience and will seek to increase the pace of transformation in the coming year. These actions will help create simpler technology architecture and support the store, online and logistics investments which underpin future growth in Food and in Fashion, Home & Beauty.”
Report Includes Details on Recovery from the Hack
The Company shared details on its response to the hack: “Our response to the attack required the disconnection of warehouse management systems leading to the pausing of online orders, click and collect and in-store ordering. Manual processes were swiftly introduced to maintain trading and ensure continuity in forecasting, ordering and replenishment. Customers were able to shop in our stores throughout.
We formed a strong business recovery team led by Sacha Berendji, our Operations Director, and operational restoration has been the primary focus of the technology team during the period. We are now at the advanced stages of this process. The restoration of critical trading and customer-facing systems was prioritised and our online offer was restored in August. Following the temporary removal of system access to third-party providers, specialist onshore teams supported remediation.
The objective of the technology transformation is to modernise and simplify the estate and evolve the organisation to serve the business better. While the necessary recovery activity in the first half has delayed implementation of some of these changes, we expect transformation to pick up pace next year.
For the remainder of the year, our focus will be ensuring operational resilience, cost control and building new applications that support growth.”
The bottom line: Marks & Spencer, unlike some other recent high-profile victims of cyberattacks, did have substantial cyber insurance, asnd those cyber insurance claims have no doubt assisted its recovery. The Reuters news service even tried to put a positive spin on the news: “British retailer Marks & said it will have fully recovered from April’s cyber hack by March next year, forecasting second half profit ‘at least’ in line with last year after it slumped 55.4% in the first half.” Although the headline could also be: “It Will Take a Year for Marks & Spencer to Recover from Its Cyberattack.”
Related Cyber Insurance Claims Posts
