Photo by Kris Lucas
Marks & Spencer Group Plc is bracing for a £300 million ($403 million) blow to its operating profit this fiscal year due to the fallout from a major cyberattack that continues to disrupt its sales channels and operations.
The UK-based retail giant announced Wednesday that it will seek to offset the financial damage through a combination of cost-cutting measures and insurance claims. However, the company acknowledged that online orders for its clothing and home goods — a segment generating more than £3 million in daily sales — have been halted for over three weeks and are not expected to resume normal operations until July.
The cyberattack has dealt a significant setback to M&S’s ongoing transformation under Chief Executive Officer Stuart Machin. The retailer had recently been delivering on its turnaround strategy, achieving its highest pretax profit in 15 years in the fiscal year that concluded before the attack took place. A resurgence in food sales and an improved fashion image had helped distance the brand from its former reputation for outdated clothing.
While M&S on Wednesday described the incident as a “bump in the road,” the consequences of the breach — first acknowledged on April 22 — have continued to escalate. The initial cyber event forced the retailer to take several IT systems offline, causing widespread disruption. Contactless payments were temporarily suspended, and stock shortages emerged on store shelves due to compromised supply chain systems. Last week, the company disclosed that some personal customer data had been stolen during the breach.
Food sales have also been impacted due to decreased product availability, although M&S said supply is gradually improving. Nonetheless, the company has faced elevated waste and logistics costs as it was forced to rely on manual processes, further eating into profits.
Since the attack was made public, Marks & Spencer’s shares have fallen by 10 percent. However, the stock remains up 34 percent over the past 12 months, based on Tuesday’s closing figures. The breach has been claimed by a cybercrime organization known as “DragonForce,” which has also attempted hacks on the Co-op Group and high-end department store Harrods Ltd. In a statement to Bloomberg, the group claimed responsibility for the incidents and said it was collaborating with other actors to extort money, warning that its campaign against the UK retail sector is far from over.
Despite the setback, M&S remains optimistic about its future. The company recently reported a pretax profit of £876 million for the financial year ending in March — beating analysts’ expectations — and announced a 20 percent increase in its dividend. The retailer reaffirmed confidence in its medium-term growth outlook, even as it continues to assess and respond to the cyberattack’s full impact.
