In late April 2025, retail giant Marks & Spencer (M&S) became the latest high-profile victim of a sophisticated cyberattack — and the ripple effects are still being felt weeks later.
The attack, which began on April 21, has caused widespread disruption across the company’s operations. From suspended online orders to frozen recruitment and blocked internal communications, M&S is struggling to get back on its feet. Customers can’t use contactless payments, click-and-collect services are down, and employees have even had to switch from Microsoft Teams to WhatsApp just to communicate internally.
“It’s absolute chaos behind the scenes. People are working around the clock just to keep the lights on,” one insider told The Times.
While M&S has remained relatively quiet on the details, hacking group DragonForce has claimed responsibility for the breach. The UK’s National Cyber Security Centre (NCSC) and National Crime Agency (NCA) are now investigating the incident as part of a broader crackdown on ransomware gangs targeting critical sectors.

Why This Attack Is Different
Although cyberattacks on retailers are nothing new, what makes this case alarming is the sheer scale and duration of disruption. Insiders say M&S did not have a robust cyberattack response plan, which has extended recovery efforts significantly. Some experts say full restoration could take months.
“M&S is a classic example of why cyber resilience planning is no longer optional,” said Jamie Collier, Senior Threat Intelligence Advisor at Mandiant.
This wasn’t an isolated incident. The attack on M&S comes amid a worrying trend: other UK retailers like Harrods and the Co-op Group have also reported cyberattacks this year, raising fears of a coordinated offensive targeting the retail industry.
What SMBs Should Expect — and Prepare For
While M&S has deep pockets and global reach, small and medium-sized businesses should not brush this off as a “big brand problem.” If anything, it’s a preview of what could hit smaller companies with even more devastating consequences.
Cybercriminals often target retail businesses for two reasons:
- High volume of customer data: Payment information, emails, personal addresses — all lucrative for attackers.
- Tight operational windows: Disruptions mean serious revenue loss, making companies more likely to pay ransoms.
And the trend is accelerating. According to Check Point’s 2025 Global Threat Intelligence Report, ransomware attacks have surged by 33% year-on-year, with the retail sector seeing one of the steepest increases.
So, what’s next?
Expect to see:
- More AI-powered ransomware campaigns, making phishing and malware harder to spot.
- Targeted attacks on supply chains and point-of-sale systems, where SMBs often lack proper defenses.
- Tighter regulatory scrutiny, as governments push retailers to better secure consumer data.
The Bottom Line
The M&S cyberattack is a wake-up call for businesses of all sizes. Whether you run a local chain or manage IT for a handful of retail clients, the lesson is clear: having basic cybersecurity is no longer enough.
You need:
- A tested incident response plan
- Offline data backups
- Employee cybersecurity training (yes, even retail staff)
- Partnerships with IT security providers or MSPs for monitoring and rapid response
Or as Collier sums it up: “The question is no longer if you’ll be targeted, but how ready you are when it happens.”