The recent cyberattack on retail giant Marks & Spencer should serve as a deafening alarm bell to businesses of all sizes. If a company with M&S’s resources and infrastructure can be compromised, what does that mean for the average small or medium-sized enterprise?
What Happened to M&S?
In early 2025, Marks & Spencer was hit by a devastating cyberattack, reportedly orchestrated by the ransomware gang Scattered Spider. The breach caused major system outages, disrupted online orders, and is projected to cost the retailer nearly £300 million in lost profits and reputational damage.
The attack targeted third-party suppliers and infiltrated M&S systems through exploited security gaps—an all-too-common weak link in modern supply chains.
What Can Businesses Learn from the M&S Hack?
- Supply Chain Security Is Non-Negotiable: Vet and monitor suppliers’ cybersecurity policies.
- No Business Is Too Big—or Too Small: SMEs are frequently targeted due to weaker defences.
How to Protect Your Business from Cyber Attacks
- Implement Multi-Factor Authentication (MFA): Adds an extra layer of protection against unauthorised access.
- Regularly Update Software: Outdated systems are a hacker’s playground; keep them updated.
- Train Your Staff: Employees should know how to spot phishing emails and follow security protocols.
- Backup Data Frequently: Keep secure, off-site backups to avoid paying ransoms.
- Invest in Cyber Insurance: Helps cover losses and damages post-breach.
- Monitor for Unusual Activity: Use intrusion detection systems to catch suspicious behaviour.
What Should Companies Do After a Cyberattack?
- Act fast: Isolate infected systems to prevent spread.
- Notify affected parties: Build trust while keeping them safe.
- Report to authorities: Cooperate with cybercrime units.
- Review and improve protocols: Every breach is a learning opportunity.
The M&S Warning Shot
The M&S hack is a stark reminder that cybersecurity is not optional—it’s foundational. Every company, from local coffee shops to national chains, must view cybersecurity as a core business priority.
Because in today’s world, it’s not a question of if you’ll be targeted, but when—and how ready you’ll be when the moment comes.
Why should I read this?
This article is a must-read if you’re running a business or planning to start one. The M&S cyberattack shows that no one is safe from threats—big or small. Understanding how to protect your business is crucial to navigating today’s risks. Save yourself time and get the scoop on protecting your precious assets!
