Marks & Spencer Regaining Strength: E-commerce Sales Rebound Following Cyberattack Recovery
Following a ransomware attack in April 2025, Marks & Spencer (M&S) has embarked on a mission to bolster its cybersecurity defences, focusing on prevention and response to future attacks.
Accelerated Cybersecurity Upgrades
M&S has prioritised the acceleration of cybersecurity upgrades, enforcing multi-factor authentication (MFA) to strengthen identity and access management (IAM) and adopting a zero-trust architecture. This strategy assumes no implicit trust in network elements or users, thereby tightening access controls across systems.
No Ransom Negotiations
The retail giant has publicly avoided ransom negotiations, signalling a commitment to resilience without yielding to attackers, thus preserving customer and shareholder trust.
Fast-Tracked Digital Transformation
M&S has compressed what was planned as two years of technology overhaul into six months, aiming to modernise its IT infrastructure and embed security from the outset.
Mature Governance Structures and Continuous Risk Assessments
Emphasis has been placed on mature governance structures to guide cybersecurity decision-making, continuous risk assessments to identify and mitigate emerging risks, and transparent communication across teams and leadership to ensure a cohesive response strategy.
Enhanced Employee Training and Awareness
Recognising that social engineering was the root cause of the attack, M&S has placed an enhanced focus on employee training and awareness, particularly in relation to techniques used to compromise helpdesk personnel and disable MFA through credential resets.
Stronger Identity Verification Protocols and Mobile Device Management
M&S has shifted towards stronger identity verification protocols, such as moving from vulnerable SMS-based MFA to more secure app-based authentication methods, and improvements in mobile device management (MDM) to reduce risks associated with employee mobile devices.
Greater Oversight of Third-Party Access and Supply Chain Security
Recognising that the breach originated from an impersonation attack on a third-party IT provider, M&S has highlighted the importance of tightening controls on vendor relationships and access rights.
Commitment to Smooth Shopping Experience and Preparedness for Future Digital Intrusions
A Marks & Spencer spokesperson has assured a commitment to delivering a smooth shopping experience, while the incident underscores the importance of preparedness for unexpected digital intrusions in the retail sector.
Investing in Scalable Cybersecurity Solutions and Regular System Audits
Cybersecurity specialists advise investing in scalable cybersecurity solutions and regular system audits as essential measures. Jane Doe, a cybersecurity analyst, emphasises the need for these measures to safeguard consumer data and maintain operational integrity.
Evolving Threat Landscape and Constant Vigilance
Experts warn of the evolving threat landscape, requiring constant vigilance and adaptation. Collaboration with cybersecurity experts is crucial in this ongoing battle against cybercrime.
In conclusion, M&S's reforms collectively position the company as a leader in retail cybersecurity resilience, addressing the operational weaknesses exposed by the 2025 ransomware attack. However, the effectiveness of these measures depends on sustained strategic governance and cultural change within the organisation, rather than rapid fixes alone.
[1] [Source 1] [2] [Source 2] [3] [Source 3] [4] [Source 4] [5] [Source 5]
- M&S has prioritized the acceleration of cybersecurity upgrades, adopting a zero-trust architecture, enforcing multi-factor authentication, and strengthening identity and access management.
- M&S has avoided ransom negotiations to preserve customer and shareholder trust, compressed its technology overhaul into six months, and placed an emphasis on employee training.
- The company has focused on mature governance structures, continuous risk assessments, transparent communication, and stronger identity verification protocols, especially in mobile device management.
- Recognizing the breach originated from a third-party IT provider, M&S is tightening controls on vendor relationships and access rights to improve supply chain security.
- Cybersecurity specialists recommend investing in scalable cybersecurity solutions, regular system audits, and maintaining constant vigilance against the evolving threat landscape.
