Cybersecurity: Not just IT’s Problem – Ask M&S

When a high street giant like Marks & Spencer falls victim to a cyber-attack, it sends a clear message to the business world: cybersecurity is no longer a back-office issue. It’s boardroom critical. 

More than £766 million has been wiped off M&S’s market value after a ransomware attack forced the retailer to suspend online orders for four consecutive days – and counting. Shares dropped another 3.1% on Monday morning alone, compounding a 10% loss since the breach was first made public just after Easter. 

And the worst part? The problem still hasn’t gone away.

The repercussions 

M&S has been forced to send hundreds of agency workers at its main distribution centre home as it grapples with the still-unfolding fallout. Online orders remain offline, and there’s no word on when the systems will be back up. What began as a “cyber incident” now looks increasingly like a prolonged crisis with ripple effects across operations, staffing and sales. 

Analysts are warning that if this isn’t resolved quickly, the damage could extend far beyond the balance sheet. Customer confidence and brand reputation – especially for a much-loved household name like M&S – are fragile. With the summer shopping season on the horizon, delays in recovery could hand a golden opportunity to faster-moving competitors. 

Let’s be honest: this is no longer just an IT issue. It’s supply chain disruption. It’s lost revenue. It’s sidelined staff. And it’s a growing queue of disappointed customers clicking refresh. 

Prevention over Reaction 

At Innov8, we often talk about digital transformation, efficiency and automation. But none of that matters if your business isn’t secure. You wouldn’t leave your shop doors wide open overnight – why would you do the digital equivalent? 

This isn’t just M&S’s problem. It’s a wake-up call. 

No matter your size or sector, if you trade online, hold customer data, or rely on digital systems, you’re a potential target. The right IT strategy isn’t just about growth, it’s about resilience. 

So, what can businesses do? 

• Invest in robust cybersecurity infrastructure. Prevention costs far less than a data breach. 

• Keep your systems updated. Patches exist for a reason. 

• Train your teams. People are often the weakest link in the chain. 

• Backup everything. If you don’t want to pay a ransom, have a recovery plan. 

• Get expert advice. Don’t wait until you’re under attack to call in the cavalry. 

The bottom line: cybercrime isn’t slowing down, if anything it is becoming more sophisticated and wide-spread with SME businesses not getting the headlines, but fronting the attack. And while no business is immune, the ones that plan, prepare and protect will weather the storm far better than those caught flat-footed. 

As for M&S – let’s hope they bounce back quickly. But for every other business watching this unfold, remember: when it comes to cyber security, you’re either prepared – or you’re a target.