- Marks & Spencer flags £300 million hit to profit as impact of recent cyber-attack laid bare
- The retailer expects disruption to last into July and has brought forward infrastructure spend
- Despite this backdrop M&S struck an optimistic tone, increasing its dividend by 20%
“The £300 million expected impact of Marks & Spencer’s cyber-attack on profits shows the severity of the situation. It suggests hackers have caused considerable damage to the company from a financial and reputational perspective,” says Dan Coatsworth, investment analyst at AJ Bell.
“Marks & Spencer has lost a significant number of sales after temporarily halting online orders. Disruption to supplies meant gaps on the shelves and more lost sales in-store. It has also incurred extra waste and logistics costs, all having a negative impact on profit.
“The fact online operations might not be back to full power until later in the summer means the company still cannot achieve full earnings potential for some time to come. Marks & Spencer will be able to lower the total hit to profit once it claims on insurance, among other factors, but the cyber-attack has still knocked the business for six.
“There’s still a big unknown regarding any potential fines on Marks & Spencer from the Information Commissioner’s Office (ICO), which enforces data protection regulation.
“There are plenty of examples of companies that have been fined by the ICO for not taking appropriate steps to prevent data breaches. The maximum fine by the ICO is £17.5 million or 4% of global annual turnover, whichever is higher. Marks & Spencer has just reported £13.8 billion revenue, so 4% of that figure is £552 million.
“That’s in a worst-case scenario, and any fine would account for many different factors. We’re unlikely to find out in the near term if there will be a fine as there will be investigations galore into exactly what’s happened and into the retailer’s overall data protection capabilities.
“British Airways faced a £183 million fine in 2019 following a data breach but only ended up paying out £20 million after investigators accounted for the airline’s financial stress during the pandemic. Tesco Bank was fined £16.4 million by the FCA for failing to exercise due skill, care and diligence in protecting customers against a cyber-attack in 2016.”
What happens next for Marks & Spencer?
“Now comes the hard part of trying win back customers’ trust. That means banging the drum to convince shoppers their personal information is safe if they shop with Marks & Spencer. The retailer must also ensure its physical and online stores operate without disruption and have a wide range of products in stock.
“Shoppers may eventually forget about the cyber-attack, but Marks & Spencer can take no chances in the near term. It needs to be on the ball, get customers back on side, and ensure its systems are as secure as Fort Knox.”
What else is happening with M&S?
“The cyber-attack has prompted Marks & Spencer to bring forward investment into upgrading its infrastructure which implies greater spending near-term. This action has clearly moved up the agenda from ‘nice to have’ to ‘must have’.
“Former Boohoo boss John Lyttle has been drafted in to improve the efficiency of Marks & Spencer’s clothing arm. The products are already chiming with the public, so the next task is to make the behind-the-scenes operations run as smoothly as possible. That means more automation, new systems and strengthening the supply base.
“It’s notable that Marks & Spencer continues to express disappointment over its joint venture with Ocado. Business has been picking up in terms of active customer growth and sales, but this isn’t translating into the type of profits that Marks & Spencer clearly wants.
“Despite a somewhat chaotic backdrop and more demands on cash in the business, the company’s decision to raise dividends by 20% shows it is confident about the outlook. The overall tone of the results is one of a business determined to show the hackers it has the strength and skills to fight back.
“Marks & Spencer has been through multiple challenges in its long history, and each time it has overcome them and emerged triumphant. Chief executive Stuart Machin will be hoping that people say the same thing in a year’s time. He just needs to stabilise the ship in the interim and get back on top.”
