Marks & Spencer chairman Archie Norman informed MPs that a recent cyber attack, which severely disrupted operations for months resulting in empty shelves and limited online services, was a 'sophisticated impersonation' via a third party. Norman declined to disclose whether a ransom was paid, citing it as a 'business decision' and noting that 'substantially the damage had been done' by the time of the demand, with the company still in 'rebuild mode'. This incident underscores the critical importance for other businesses to be prepared to operate without IT systems, as advised by M&S's general counsel.
Testimony from Marks & Spencer's chairman, Archie Norman, confirms the severe operational and financial impact of a cyber attack initiated on April 17th. The attack, described as a 'sophisticated impersonation' involving a third party, resulted in months of disruption, evidenced by empty shelves and limited online services, with the company still in 'rebuild mode'. Management's deliberate ambiguity regarding a ransom payment, framing it as a 'business decision' while noting that 'substantially the damage had been done,' suggests the breach was so deep that paying a ransom was likely deemed ineffective for operational recovery. The two-day lag in detecting the intrusion and the general counsel's advice for businesses to prepare for 'pen and paper' operations highlight significant deficiencies in the company's prior cybersecurity posture and business continuity planning. The ongoing involvement of the National Crime Agency (NCA) indicates a formal investigation, which could carry further legal or regulatory implications.
AI-powered research, real-time alerts, and portfolio analytics for institutional investors.
Request a DemoOverall Sentiment
strongly negative
Sentiment Score
-0.60
