
Lessons from the M&S chaos

12th May, 2025

Marks & Spencer, the UK’s much-loved High-Street giant, found itself in the eye of a perfect storm. A sophisticated ransomware attack forced M&S to pause online orders, disrupt Click & Collect, pull job adverts, and even leave some of its store shelves conspicuously empty. With over £500 million wiped off its market value and daily web sales of around £3.8 million halted overnight, it is a stark reminder that if this can happen to Marks & Spencer, it can happen to anyone.

Before you tuck your head under your desk in panic, let us unpack what the M&S breach really means for small businesses, and how you can turn this crisis into your own cybersecurity wake-up call.

  1. No business is too small for cyber threats

Ransomware does not discriminate. Once a hacker group uses malware to extort big names, they will happily target less fortified small businesses next. In fact, small and medium-sized enterprises often make more tempting targets precisely because their defences tend to be weaker. Do not wait until you see “paused online orders” on your own site before taking action.

Conduct a basic cybersecurity audit today. Even a simple checklist covering up-to-date antivirus, strong unique passwords and two-factor authentication on all critical accounts can dramatically lower your risk.

  2. Customer trust can vanish overnight

M&S may enjoy decades of brand affection, but its silence after the initial breach is already causing reputational scrapes. As consumer expert Kate Hardcastle points out, keeping quiet can be unsettling for customers at a time when trust and transparency are most valuable.

For small businesses, where personal relationships and word of mouth drive sales, news of a data breach or even a prolonged technical issue can cost you more than immediate revenue; it can eat away the goodwill you have spent years building.

Prepare a communication plan. Draft holding statements, designate a spokesperson, and decide on the channels you will use to keep customers informed calmly and candidly.

  3. Recovery costs go beyond ransoms

While the hackers behind the M&S attack will demand a high price, the real cost balloons once lost sales, PR management, legal fees and system restoration are taken into account. For a small business, that level of hit can be catastrophic.

The lesson from M&S is not that hackers only target the big fish but that no fish, big or small, is immune. By taking proactive and practical steps now, you can build a fortress around your business’s reputation, revenue and relationships. After all, in the digital age, preparedness is your strongest defence.

Invest in cyber insurance tailored to your business. We can help you look for coverage that includes not only cyber extortion payments but also business interruption losses and costs for PR management.

Contact us today to discuss how we can help you to be as prepared as possible for any cyber threat at 0115 973 7303 or go to https://routenchaplin.co.uk/products/cyber
