Over the Easter Bank Holiday weekend, Marks & Spencer (M&S) experienced a cyber incident that disrupted contactless payments and delayed online order collections across its UK stores. While M&S assured customers that no personal data had been compromised, the timing and impact of the attack highlight a growing truth for businesses: cyber attackers don’t keep office hours. In today’s threat landscape, resilience isn’t just about defence; it’s about being prepared to respond and recover at any time, day or night.
What Happened at M&S?

The disruption began as early as the Saturday before Easter Monday, with M&S customers reporting issues using contactless payment methods in-store. The company’s Click & Collect service was also affected, leading to delays in customers receiving their online orders. The incident was confirmed by M&S on Monday, and operations remained impacted into the following week.

M&S responded swiftly by reporting the issue to the National Cyber Security Centre and bringing in cybersecurity specialists to investigate and secure its systems. Despite the disruption, stores remained open, and both the M&S website and app continued to operate as normal.

Impact on Customers

The cyber incident had a tangible impact on M&S customers across the UK. Shoppers reported being unable to use contactless payment methods, leading to longer checkout times and, in some cases, abandoned purchases. The Click & Collect service was also affected, with customers experiencing delays in collecting their online orders. Some customers took to social media to express their frustration, highlighting the inconvenience caused by the disruptions.

M&S assured customers that no personal data had been compromised during the incident and that there was no need for them to take any action. The company emphasised its commitment to resolving the issues promptly and maintaining transparency with its customers.

A Broader Trend of Cyber Threats

The M&S incident is far from an isolated case. Several major UK organisations have suffered significant cyber attacks in recent years:

  • Transport for London (TfL) was hit by a cyber attack in September 2024 that disrupted online payments, journey planning tools, and internal systems. Although no payment data was accessed, the attack caused delays and inconvenience across the capital.
  • Royal Mail experienced a severe ransomware attack in early 2023, thought to have been carried out by the LockBit group. International postal services were suspended for weeks, and the incident required extensive recovery operations and system rebuilding.
  • WH Smith confirmed a data breach in 2023 which exposed employee information, including names, addresses, and national insurance numbers. Though customer data was reportedly unaffected, the breach raised concerns about internal system security and workforce risk.

These examples show that cyber attacks are becoming more frequent, more complex, and more damaging. The threat extends beyond IT systems and into the day-to-day operations and reputations of businesses.

The Growing Threat Landscape

According to the UK Cyber Security Breaches Survey 2025, 43% of UK businesses reported experiencing a cybersecurity breach or attack in the past year. Medium and large businesses were particularly affected, with 70% and 74% reporting incidents, respectively. Phishing remains the most common method of attack, but ransomware and other targeted campaigns are on the rise.

As the digital threat landscape continues to evolve, businesses must shift from reactive security measures to proactive cyber resilience planning.

Strengthening Cyber Resilience

To prevent and prepare for incidents like the M&S breach, businesses should:

  • Conduct risk-based assessments – Prioritise critical assets and threats based on business impact
  • Integrate governance – Align cybersecurity with broader enterprise risk management strategies
  • Train employees – Build a cyber-aware culture through regular education and simulated attacks
  • Plan and rehearse – Develop and test incident response and recovery plans
  • Invest in technology – Deploy tools to detect, respond to, and recover from attacks
  • Continually improve – Use post-incident reviews, threat intelligence and audits to refine strategies

Cyber attackers are increasingly sophisticated, and resilience is not a one-time project. It must be part of ongoing business strategy, risk planning, and operational culture.

Final Thought

This incident is a clear reminder that cyber attackers never take a day off. Public holidays and weekends, when businesses may be operating with leaner teams, can create windows of opportunity for threat actors. Maintaining 24/7 operational resilience is no longer optional.

How AJC Can Help

At AJC, we work with organisations to embed cyber resilience as a core part of business strategy. Our consultants help you move beyond reactive security and develop a proactive, fully integrated approach, combining governance, risk management, regulatory compliance, and workforce readiness.

Whether you’re reviewing your current cyber resilience strategy, navigating new regulatory requirements, or strengthening your incident response capabilities, our team can support you every step of the way.

Contact us on 020 7101 4861 or email info@ajollyconsulting.co.uk if you think we can help.

 

Sources:

  1. The Guardian – Marks & Spencer apologises after cyber incident disrupts contactless payments and online orders
  2. Daily Mail – Marks & Spencer’s cyber incident hit stores over Easter
  3. BBC News – Marks & Spencer cyber incident
  4. Industrial Cyber – UK Cyber Security Breaches Survey 2025
  5. Public reporting on cyber incidents involving TfL, Royal Mail, and WH Smith

Image accreditation: Wikimedia Commons, (October 2024). Last accessed on 25th April 2025. Available at: https://commons.wikimedia.org/wiki/File:Cyfarthfa_Marks_and_Sparks.jpg
