Retail giant Marks & Spencer has confirmed it was hit by a cyberattack, prompting it to temporarily pause online orders and limit remote access for staff. The company assured customers that their data was not at risk and that no action was needed on their part. However, the incident highlights just how disruptive modern cyberattacks can be—even for well-established brands.
With cyber threats escalating in 2025, the need for businesses to strengthen their cybersecurity has become urgent. The breach at M&S underscores the importance of resilience and proactive security strategies, especially as cybercriminals continue to evolve their methods. As more companies fall victim, experts’ early-year warnings are proving accurate.
Although the nature of the attack remains uncertain, the immediate impact is very clear. With online shopping paused and employees unable to access internal networks from home, the continuing and cascading impact of an cyberattack is clearly visible. Over the coming days we are likely to hear more about the attack and the ramifications on the business and customers, but it is already clear that this breach is in line with the other high-profile attacks we have seen since the beginning of the year.
It should act as a warning to all companies to tighten up their defences, ensure resilience in the face of a cyberattack and better protect data and customers, as AJ Thompson, CCO at Northdoor plc explains.
“This latest high-profile attack is another example of cyber criminals successfully gaining access to systems and data and causing havoc. M&S has had to shut down its external facing online retail offering and its internal systems for employees that work from home meaning that it has had a huge impact on the business.
“Whilst M&S is scrabbling to restore systems, the attack itself should act as a wake-up call to all other businesses, no matter what sector they operate in. In the face of a highly sophisticated approach from cyber criminals and against a backdrop of an increasingly complex regulatory landscape, companies have to ensure defences and resilience are firmly in place and part of the company culture.
“However, for many companies, fighting back against this ever-changing threat seems to be a daunting, if not impossible, task. The level of attacks does seem to be increasing. In the last few months, we have seen Morrisons, Barclays, Lloyds, Southern Water, Gateshead Council, British Airways and TalkTalk all impacted by various types of cyber intrusion, and this latest attack fits the bill in terms of the amount of disarray caused.
“It is not all bad news for UK companies though. Firming up defences, educating staff and understanding what the latest threats look like are all crucial steps for businesses to protect themselves and ensure resilience in the face of such an attack. Some are turning to third-party consultants to help implement these within businesses. They can plug any gaps in internal teams as well as providing expertise to help keep data and systems safe. There will undoubtedly be further attacks over the coming months and businesses of all sizes need to take steps now to better protect themselves,” Thompson concluded.