How M&S' cyber attack could affect consumer confidence
Marks & Spencer is facing a “bruise” to its long-established reputation following a significant cyber attack that forced the company to suspend online orders, analysts say.
This disruption, which began on Friday, 25 April 2025, has raised concerns over how the retail giant’s customers might respond, particularly with the upcoming summer shopping season in full swing.
The cyber incident, which M&S acknowledged earlier this week, has affected its online platforms, including payment methods, click and collect services, and gift card transactions.
The company, which has been trying to expand its online presence in recent years, confirmed it was pausing all online orders through its UK and Ireland websites, as well as some international sites. It has since issued refunds for orders placed during the disruption.
Kate Hardcastle, a consumer specialist with Insight with Passion, commented on the situation, saying the incident represents a significant “bruise” to M&S’s brand.
“Customers expect a retailer like M&S to keep their data safe and services running, so an incident like this can shake confidence,” she explained.
However, Hardcastle acknowledged that M&S’s quick response and transparent communication with customers might limit the long-term damage, calling it “a setback, but with the right actions, it can be just a bruise rather than a lasting scar.”
The timing of the disruption is particularly unfortunate, as it coincides with the changing seasons and a rise in consumer demand for summer clothes. Retail analysts have warned that M&S could lose out on critical sales as shoppers turn to other retailers.
Natalie Berg, a retail analyst at NBK Retail, emphasized that the retail environment’s “buy now” culture means “other retailers will benefit from this opportunity.”
M&S had already been working hard to increase its share of the online retail market, which is crucial for its growth strategy.
In the past year, the company generated nearly £1.3bn of its £3.9bn in sales from its clothing and home business through online channels. Given that online sales have become a “critical objective” for the company, the current disruption is a significant blow to M&S’s plans.
The company’s troubles come amid a growing trend of cyber incidents impacting major brands.
Last year, Morrisons faced problems with Christmas orders, while Barclays and Lloyds were also affected by banking outages earlier in 2025.
This uptick in cyber disruptions highlights the growing vulnerability of businesses across sectors, especially as more retailers and service providers shift to digital operations.
In response to the attack, M&S has reported the issue to both the National Cyber Security Centre (NCSC) and the National Crime Agency, which are providing assistance in managing the incident.
Additionally, the Information Commissioner’s Office (ICO) has stated it is reviewing the details of the situation.
Despite the immediate challenges, M&S CEO George Weston remains optimistic about the retailer’s long-term prospects, emphasizing that its “strong value proposition” and reputation for quality will continue to play a central role in its recovery from the incident.
However, for now, the company faces the pressing task of regaining consumer trust and recovering lost sales during one of the busiest retail periods of the year.