Marks and Spencer Group PLC's chairman Archie Norman declined to confirm if a ransom was paid following a cyberattack, now attributed to DragonForce, which cost the retailer up to £300 million. The incident, which disrupted online operations for six weeks and continues to impact IT systems, highlights the significant financial and operational vulnerabilities of large enterprises. Norman noted the company's £870 million annual profit was crucial in absorbing the substantial disruption, underscoring the importance of financial resilience against such threats.
Marks and Spencer Group PLC is navigating the severe aftermath of a cyberattack that inflicted a financial cost of up to £300 million, a material figure equivalent to over a third of its £870 million profit from the past year. The operational disruption was substantial, with online services non-functional for six weeks and IT systems still undergoing a prolonged rebuild, indicating that the full operational and financial consequences may not yet be realized. Chairman Archie Norman's commentary highlights both the company's vulnerability, citing a large "attack surface" from overseas contractors, and its resilience, noting that recent profitability was crucial for absorbing the financial shock. His refusal to disclose whether a ransom was paid, coupled with the statement that "the damage had been done," points to a complex management decision but leaves questions about data exfiltration and future liabilities unanswered. The incident serves as a stark illustration of the latent financial and operational risks embedded in the company's current IT and vendor infrastructure.
AI-powered research, real-time alerts, and portfolio analytics for institutional investors.
Request a DemoOverall Sentiment
moderately negative
Sentiment Score
-0.45
