|  Updated: 

M&S: FTSE 100 shares continue to drop after cyber attack

By:

Retail Reporter

Add as a preferred source on Google
M&S is a member of the FTSE 100. (Photo by Jack Taylor/Getty Images)
M&S is a member of the FTSE 100. (Photo by Jack Taylor/Getty Images)M&S is a member of the FTSE 100. (Photo by Jack Taylor/Getty Images)

Marks and Spencer’s (M&S) share price has fallen more than three per cent in early trades this morning as the effects of a cyber attack last week rage on.

The FTSE 100 retailer’s share price has fallen by nearly nine per cent since it announced the attack in a statement to the London Stock Exchange on 22 April.

Since then, the retail and grocery giant has suspended online orders and many of its shoppers were unable to use contactless payments for parts of last week. 

The high street darling told hundreds of agency workers at its Castle Donington distribution centre in the East Midlands to stay at home on April 28, according to Sky News reporter Mark Kleinman.

Staff working from home have been reportedly locked out of the company’s IT systems as the firm works to contain the fallout from the attack, according to The Times.

Online shopping accounts for around a third of sales at M&S, a figure which has been steadily growing over the past decade.

“Ransomware gangs… aim [for] maximum disruption to force a quick payout. By freezing critical systems, criminals create chaos for both customers and the business – affecting online orders, payments, and store operations.

“Their goal is simple: the greater the disruption, the greater the pressure on the company to pay the ransom,” Julius Cerniauskas, CEO of web intelligence experts Oxylabs, said.

“While it appears M&S has regained some control, preventing the situation from escalating further will depend on thorough system cleansing, patching vulnerabilities, and ensuring no backdoors have been left behind by the attackers,” Cerniauskas added.

Dennis Martin, crisis management and business resilience specialist at Axians, said that the incident served as a reminder that “cybersecurity is no longer just an IT concern, but a core operational risk”.

“What’s crucial now is learning from this, ensuring systems and operational processes are resilient, communications are clear and contingency plans are in place and tested regularly.

“As cyber threats become more sophisticated, it’s not about eliminating risk entirely, but about responding effectively and maintaining customer trust when the unexpected happens,” Martin said.

City PM has contacted M&S for comment.