What: Marks & Spencer resumes third-party brand sales and gifting services on its website as part of its phased recovery from a major cyber-attack that cost £300m.

Why it is important: The phased restoration of M&S's digital services demonstrates how major retailers can balance rapid recovery with security concerns, setting new standards for cyber crisis management in retail.

Marks & Spencer has achieved a significant milestone in its cyber-attack recovery by restoring third-party brand sales on its website. The retailer has successfully reintegrated popular brands such as Adidas, Mamas & Papas, and Sweaty Betty into its online platform, while also resuming gifting and entertainment product orders, including flowers and hampers. Delivery capabilities have improved, with standard delivery times now reduced to five days across England, Scotland, and Wales. The restoration comes after weeks of disruption following a cyber-attack over the Easter weekend that affected various aspects of M&S's operations, including payments, click-and-collect services, and product availability. The incident, expected to cost approximately £300m, will be partially offset by insurance coverage. CEO Stuart Machin has characterised the attack as "the most challenging situation we've encountered" but views it as an opportunity to accelerate technological transformation, condensing two years of planned upgrades into six months. M&S's experience reflects a broader pattern of cyber threats targeting major retailers, with recent victims including The Co-op and Harrods, highlighting the increasing vulnerability of retail digital infrastructure.

IADS Notes: The restoration of M&S's online operations in June 2025 marks a critical milestone in their recovery from a devastating cyber-attack that began in April 2025. The incident, executed by the Scattered Spider group, initially wiped £700 million off their market value and disrupted £3.5 million in daily digital sales. While customer recommendation rates dropped from 87% to 73%, the retailer's transparent crisis management helped maintain underlying trust at 82%. The attack's broader implications transformed the retail sector's approach to cybersecurity, triggering similar breaches at Harrods and Co-op by May 2025, and driving a 10% increase in cyber insurance premiums across the sector. This series of incidents has fundamentally shifted industry priorities, with ransomware now accounting for 30% of retail security incidents and average losses reaching £1.4 million per attack.

Marks & Spencer restores third-party brands to website as cyber-attack recovery continues