Skip to content
City PM
  • Germany
  • France
  • Europe
  • Markets
  • Business
  • Opinion
  • DE
  • Germany
  • France
  • Europe
  • Markets
  • Business
  • Opinion
  • DE
Monday 06 July 2026 4:18 pm

M&S to face shareholder grilling over cyber attack recovery

By: Felix Armstrong

Retail Reporter

Add as a preferred source on Google
Marks and Spencer was one of three UK retailers to be targeted
M&S shareholders will want evidence of "decisive action" on cyber security

Marks and Spencer is set to take a grilling from shareholders over whether it has made a meaningful recovery from the cyber attack which wiped out nearly a third of its profit.

The FTSE 100 retailer will face investors at its annual general meeting on Tuesday, where it will expect to be quizzed on whether it has fixed the foundations of its fashion arm, and whether its grocery business can maintain its rapid growth.

The company was hit by a cyber attack in April last year which shut down its website for 12 weeks and left some shelves empty. 

Chairman Archie Norman described the incident as “traumatic” and the firm revealed in May that it chose to slash bonuses for every single member of staff in a bid to shore up its finances.

M&S saw its profit slump by 29 per cent to £365m in the year to March despite growing revenue, as it took a £131m hit from the incident. 

Board ‘to face scrutiny’ over cyber attack

The retailer’s chief executive Stuart Machin told The Times earlier this year that the company’s board will suspend bonuses for each of its 63,000 staff, including himself and Norman.

Machin said the decision was taken in the wake of the 2025 cyber attack which crashed the retailer’s website for 12 weeks and left some shelves empty.

Stuart Machin, the chief of Marks and Spencer
Stuart Machin’s pay was slashed in 2025

“I was part of this decision and I think it’s the right one. It does not, however, take away from the fact that everyone worked harder than ever during a very challenging period and I am very grateful to them for doing so,” the chief executive said.

Duncan Ferris, an analyst at investment platform Freetrade, told City PM that the retailer’s top brass will be expected to demonstrate that lessons have been learned and that the business has strengthened resilience against future hacks.

“It’s fair to say the executive team may face scrutiny,” he said. The inclusion of board members in the freeze on bonuses shows “some contrition,” he added, but investors “will want to know this accountability has been paired with decisive action”.

Announcing the firm’s full year results in May, Machin said his company had endured a “year of two halves,” in which the retailer got back on its feet during the closing months of its reporting period. 

Read more

Jaguar Land Rover eyes cost-cutting and wealthy buyers in cyber attack recovery

JLR logo prominently displayed in an automotive business setting, highlighting the companys brand presence and identity

The online blackout caused by the cyber attack meant that M&S’ fashion arm was the worst affected, and analysts told City PM that shareholders will seek assurance that this part of the business has been overhauled rather than simply patched up.

M&S under pressure to win back customers

Dan Coatsworth, head of markets at stock broker AJ Bell, said that rival fashion retailer Next “pinched” a large number of customers from M&S while it was suffering from stock shortfalls caused by the incident.

“Investors will want to know what’s being done to win these customers back. Next has really upped its game with clothing and M&S might find its recovery efforts are going to take longer than previously expected,” he said.

Sales at the retailer’s fashion, home and beauty arm declined by nearly eight per cent in the year to March due to “the temporary pause in online trading and systems access”.

The buoyant performance of M&S Food had softened the blow of the retailer’s struggling fashion arm, as sales jumped seven per cent to £9.7bn amid million-pound investments in warehouse infrastructure.

Food is now the company’s “core strength”, accounting for more than half of its revenue, and shareholders will want proof that this business “can keep growing volume,” retail analyst Nicholas Found told City PM.

M&S is set to face scrutiny over its decision to allow board member bonuses to be delivered entirely in cash, rather than in 50 per cent shares. 

Institutional Shareholder Services (ISS), a leading shareholder advisory, told investors that it has concerns over the “regressive” move, though it recommended that stakeholders back M&S’ remuneration policy.

In 2023, M&S came under fire after telling its shareholders to join its annual meeting online, meaning they were set to miss out on tea and biscuits and the chance to meet board members face-to-face.

Shares in M&S have jumped more than 16 per cent in the year so far and closed flat at 381p on Monday.

Read more

The Debate: Should CEOs be held personally accountable for cyberattacks?

Evil-looking keyboard symbolizing cybersecurity threats and hacking risks in a digital landscape.

Share this article

  • Facebook
  • X
  • LinkedIn
  • WhatsApp
  • Email

Similarly tagged content:

Sections

  • News

Categories

  • Business
  • Retail

People & Organisations

  • agm
  • AGMs
  • annual general meeting
  • Archie Norman
  • cyber attack
  • cyber attacks
  • fashion
  • food
  • ftse 100
  • ftse 100 boss
  • Grocer
  • Investors
  • Marks and Spencer (M&S)
  • Marks and Spencer shares
  • Retail
  • retail cyber attack
  • retailer
  • Shareholders
  • Stuart Machin
  • Supermarket

Trending Articles

  • Harry Styles at Wembley Stadium review: running through the grief

  • Nottingham Forest owner Marinakis announces £210m stadium plans

  • Burnham told to launch £100bn tax reform package

  • I’ve taken the best train trips in the world. Here are my 5 favourites

  • Natwest boss becomes latest City figure caught in AI social media scam

More from City PM

  • Jaguar Land Rover eyes cost-cutting and wealthy buyers in cyber attack recovery

    Retail
    JLR logo prominently displayed in an automotive business setting, highlighting the companys brand presence and identity
  • The Debate: Should CEOs be held personally accountable for cyberattacks?

    Opinion
    Evil-looking keyboard symbolizing cybersecurity threats and hacking risks in a digital landscape.
  • Gambit Cyber Launches Vizier AI – An Autonomous Security Intelligence Workspace for Continuous Exposure Management

    Business Wire
  • Professional services firms the ‘flavour of the month’ for cyberattacks

    Prof Services
    The ICO said it initially planned to fine Capita a total of £45m, but this was later reduced by “mitigating factors”
  • Yubico Joins European Cyber Security Organisation (ECSO)

    Business Wire
  • ‘Act now’: AI models capable of attacks on governments months away, Five Eyes warn

    Tech
    GettyImages 158774123 showcases a relevant business meeting scene, highlighting diverse professionals engaged in discussion.
  • Neo4j Acquires GraphAware to Launch Intelligence Analysis Alternative to Palantir Gotham

    Business Wire
  • Andy Haldane: Britain after Brexit

    Opinion
    British Chambers President Andy Haldane speaking at a business conference, addressing economic growth and industry challen...

City PM — European politics, business and analysis.

Europe

  • Germany
  • France
  • Europe
  • UK & Ireland

Topics

  • Business
  • Markets
  • AI
  • Technology
  • Opinion
  • Energy

More

  • Politics
  • Economics
  • Fintech
  • Legal
  • Sport
  • Life

Company

  • About City PM
  • Editorial Policy
  • Corrections
  • Contact
  • Terms of Use
  • Privacy Policy
  • Cookie Policy
© 2026 City PM · Published by CityPM Media, Bahnhofstrasse 65, 8001 Zürich, Switzerland
About · Editorial Policy · Corrections · Contact · Privacy