Marks & Spencer Faces Cyberattack Fallout, Results in Staff Disruptions and Market Losses

Hundreds of agency workers at Marks & Spencer (M&S) have been told not to report to work as the company addresses the repercussions of a significant cyberattack. The incident has led to a £650 million decrease in the company's market value, which now stands at over £7.5 billion, down notably since late April when shares were priced above £4.10.

This situation has resulted in M&S advising approximately 200 agency staff, who work at the East Midlands warehouse in Castle Donington, to stay home. Despite this, regular company employees have been directed to continue their usual work schedules. According to reports, the share price for M&S declined by more than 2 percent following both the Friday and Monday announcements, further diminishing the company's market value by over £150 million in just one morning.

The disruption to M&S began last weekend when systems for contactless payments and click-and-collect services were affected. In response, M&S's chief executive, Stuart Machin, notified customers of the ongoing issues and mentioned that the retailer would be making "minor, temporary changes" in-store while coping with the "cyber incident." As the fallout deepened, M&S ceased taking orders through its website and apps on Friday and worked diligently to restore online shopping capabilities.

While the company has reported the cyberattack to relevant authorities and implemented protective measures, the suspension of online sales poses a significant threat to its revenue. According to M&S’s annual report for 2024, 44 percent of online orders originated from their app, with total online sales amounting to £1.27 billion, marking a 7.8 percent increase and underscoring its strategic importance. Consequently, the retailer could be losing approximately £3.5 million in daily sales while its customers are unable to order online.

Investment analyst Dan Coatsworth from AJ Bell highlighted the risks associated with the ongoing inability to handle online orders, noting that it could jeopardize M&S's reputation and financial performance. He pointed out that click-and-collect services substantially contribute to earnings, as observed by the queues at stores for online pickups. While M&S hopes that customers may still visit physical locations to purchase items directly, the uncertainty surrounding the timeline to resolve the cyber incident creates further concern regarding the impact on the company's reputation and stock value.

In a statement, M&S expressed its apologies for the inconvenience caused, reassuring customers that its stores remain open and that no immediate action is required from them. The company indicated that it will provide updates should the situation change.