Skip to content
City PM
  • Germany
  • France
  • Europe
  • Markets
  • Business
  • Opinion
  • DE
  • Germany
  • France
  • Europe
  • Markets
  • Business
  • Opinion
  • DE
Tuesday 08 July 2025 9:57 am  |  Updated:  Tuesday 08 July 2025 10:58 am

M&S shares sink lower after failing to recover from cyber attack

By: Jon Robinson

Add as a preferred source on Google
M&S has been battling a cyber attack for a number of months.
M&S has been battling a cyber attack for a number of months.

Shares in FTSE 100 giant M&S are now lower than they were at the height of the cyber attack that hit the British icon earlier this year.

The retailer’s shares are currently changing hands for 337p, after declining steadily from their 374p price on 16 June.

That price was itself a recovery from the low of 345p in the immediate days after the cyber attack was revealed in April.

Shares in M&S had been trading at a high of 411p on the day before the FTSE 100 giant confirmed it was battling a serious cyber attack – their highest price since the end of 2015.

As a result of the fall in share price, millions have been wiped of the market capitalisation of M&S.

The continuing decline in its share price comes after chief executive Stuart Machin confirmed on 1 July that he expects the worst of the retailer’s cyber attack to be over within the month.

M&S has previously estimated the fallout from the cyber attack – thought to be related to the hacking group Scattered Spider – will cost £300m, although some of this will be mitigated by insurance claims and cost efficiencies made elsewhere.

The retailer said in June that the lack of online orders has “heavily impacted” its trading profit, as have costs associated with reduced food availability and waste.

Last week, Machin added: “This year we are stepping up the pace of our programme and investing over £300m to rotate and renew stores across the country.

“We have a rigorous strategy to make sure we have the right stores in the right places, and this year we will deliver 37 new and renewed stores with the best of our food, fashion and home and beauty to our 32m customers.” 

‘Traumatic’ cyber attack like an ‘out-of-body experience’

The chairman of M&S has said the major cyber attack that left the retailer unable to take any online orders for more than six weeks was like an “out-of-body experience” and “traumatic” for the firm.

Archie Norman has told MPs on the Business and Trade Sub-Committee today that he had not experienced “anything quite like this” before in his extensive experience in the corporate world.

He said: “It’s like an out-of-body experience.

“It’s fair to say that everybody at M&S experienced it, like our ordinary shop colleagues working in ways they hadn’t worked for 30 years, working extra hours just to try and keep the show on the road.

Read more

Jaguar Land Rover eyes cost-cutting and wealthy buyers in cyber attack recovery

JLR logo prominently displayed in an automotive business setting, highlighting the companys brand presence and identity

“For a week probably the cyber team had no sleep, or three hours a night.

“It’s not an overstatement to describe it as traumatic, and it has endured some weeks. We’re still in the rebuild mode and will be for some time to come.”

The chairman added the group behind its cyber attack, reported to be Scattered Spider, were believed to be working with an Asia-based ransomware operator named as DragonHorse.

Norman said: “The attacker is working through intermediaries too, so we believe in this case there was the instigator of the attack, and then – believed to be DragonHorse – a ransomware operator we believe are based in Asia.

“So you’ve got loosely aligned parties working together.

“We took an early decision that nobody at M&S would deal with the threat actor directly – we felt the right thing was to leave this to the professionals who have experience in the matter.”

He added that the so-called “threat actors” also chose to communicate with the media, and were in contact with the BBC following the hack.

The chairman also suggested that businesses do not need to give into demands from cyber attackers, adding: “In our case, substantially, the damage had been done.”

‘Solid performance bodes well’ for M&S

In a recent analyst note Susannah Streeter, head of money and markets at Hargreaves Lansdown, said M&S was “halfway there, but there’s still a lot to get back online before the company can put the cyber attack behind it”.

She added that “there will be high hopes that M&S can put this unfortunate chapter behind it, and the early signs are that there is pent up demand, particularly for its summer styles, with many of the popular products sold out online”.

Streeter said: “Its strong set of annual results showed the retailer was in a resilient position before the cyber attackers infiltrated systems.

“Sales growth in the fashion and home and beauty division reflected improved customer perceptions of value, quality, and style.

“Demand for M&S food remains robust, with increased volumes driving growth. So, with the underlying performance remaining solid, it bodes well for M&S ahead, but until everything’s back up and running, it’s likely to weigh on investor sentiment.”

Read more

The Debate: Should CEOs be held personally accountable for cyberattacks?

Evil-looking keyboard symbolizing cybersecurity threats and hacking risks in a digital landscape.

Share this article

  • Facebook
  • X
  • LinkedIn
  • WhatsApp
  • Email

Similarly tagged content:

Sections

  • News

Categories

  • Business
  • Retail

People & Organisations

  • cyber attack
  • cyber attacks
  • cyber security
  • cyberattack
  • cyberattacks
  • ftse 100
  • M&S
  • Marks & Spencer
  • Marks and Spencer
  • Marks and Spencer (M&S)
  • Marks and Spencer shares
  • Retail

Trending Articles

  • Harry Styles at Wembley Stadium review: running through the grief

  • Nottingham Forest owner Marinakis announces £210m stadium plans

  • I’ve taken the best train trips in the world. Here are my 5 favourites

  • Natwest boss becomes latest City figure caught in AI social media scam

  • Nothing fails to file accounts months after dissolution threat

More from City PM

  • Jaguar Land Rover eyes cost-cutting and wealthy buyers in cyber attack recovery

    Retail
    JLR logo prominently displayed in an automotive business setting, highlighting the companys brand presence and identity
  • The Debate: Should CEOs be held personally accountable for cyberattacks?

    Opinion
    Evil-looking keyboard symbolizing cybersecurity threats and hacking risks in a digital landscape.
  • Gambit Cyber Launches Vizier AI – An Autonomous Security Intelligence Workspace for Continuous Exposure Management

    Business Wire
  • FTSE 100 giant ABF shares slide as it braces for £60m sugar crash after Iran war

    Retail
    Sugar granules close-up on a wooden surface, highlighting texture and crystal structure, relevant to sugar industry news.
  • Investec shares rise amid takeover speculation

    Investing
    Investec has selected the four winners of its Beyond Business programme
  • Professional services firms the ‘flavour of the month’ for cyberattacks

    Prof Services
    The ICO said it initially planned to fine Capita a total of £45m, but this was later reduced by “mitigating factors”
  • FTSE 100 Segro shares rocket as it fights off £12.6bn swoop by US real estate giant

    Markets
    David Sleath, Chief Executive Officer, delivering a speech at a business conference with a focused expression.
  • ‘Act now’: AI models capable of attacks on governments months away, Five Eyes warn

    Tech
    GettyImages 158774123 showcases a relevant business meeting scene, highlighting diverse professionals engaged in discussion.

City PM — European politics, business and analysis.

Europe

  • Germany
  • France
  • Europe
  • UK & Ireland

Topics

  • Business
  • Markets
  • AI
  • Technology
  • Opinion
  • Energy

More

  • Politics
  • Economics
  • Fintech
  • Legal
  • Sport
  • Life

Company

  • About City PM
  • Editorial Policy
  • Corrections
  • Contact
  • Terms of Use
  • Privacy Policy
  • Cookie Policy
© 2026 City PM · Published by CityPM Media, Bahnhofstrasse 65, 8001 Zürich, Switzerland
About · Editorial Policy · Corrections · Contact · Privacy