For years, Marks & Spencer was the subject of endless scrutiny, a retailer perpetually on the brink of relevance. The story of its recent return to form has been one of the high street’s most compelling narratives. But the release of its latest Annual Report and subsequent half-year figures reveals a dramatic new chapter: the moment a sophisticated cyberattack sliced straight through the retailer’s triumphant momentum. The combined announcements present a striking paradox: underlying growth is the strongest it has been in decades, but the digital disruption has created an immediate financial shockwave that few analysts predicted.
M&S’s Annual Report for the year ended March 29, 2025, celebrated success. It confirmed that the “Reshaping M&S for Growth” strategy was not just working, it was delivering. The Group’s profit before tax and adjusting items, the key measure of underlying health, surged to £875.5 million, marking an increase of 22.2% year-on-year, while Group Revenue climbed by 6.0% to £13.8 billion. The crucial Fashion, Home & Beauty division, long the company’s anchor, achieved market share growth, increasing its total share to 10.5%. The strategy to serve customers “wherever and however they want” was proving successful, with 34% of sales now flowing through online channels. The report boasted the company’s “best financial health for nearly 30 years,” with Net Funds of £437.8 million. In short, M&S had definitively shed its ‘ailing giant’ status and was positioning itself as a sophisticated, modern omnichannel retailer.
The good news, however, was quickly overshadowed by the residual impact of the sophisticated cyber incident that occurred shortly after the financial year-end. In their subsequent half-year reporting, M&S revealed the full cost of that digital shock. Adjusted profit before tax for the six months to September 27, 2025, more than halved, dropping by 55.4% to £184.1 million. The statutory pre-tax profit was all but wiped out, collapsing by over 99%. The core damage was to the Fashion, Home & Beauty online business. The enforced suspension of web orders and subsequent disruption to logistics caused sales in the division to slump by 16.4%. The inability to manage stock and supply effectively created a cascade of problems, forcing the retailer to rely on manual systems. The company estimates the full-year financial impact of the incident will be approximately £300 million, though £100 million in insurance proceeds offers some mitigation. The cyberattack essentially created a temporary chasm between M&S’s digital ambition and its operational reality, proving that in today’s retail landscape, cyber-resilience is as critical as style authority.
M&S CEO Stuart Machin has described the cyberattack as an “extraordinary moment in time” and a “bump in the road”. The company’s response has been to double down on its commitment to its growth strategy, signaling to the market that the trajectory remains intact. Management has accelerated its planned improvements, raising its total cost reduction ambition to £600 million. Furthermore, the company declared an increase in its proposed full-year dividend to 3.6 pence per share. This dividend increase, despite the massive profit hit, is a calculated signal of confidence, reassuring investors that the underlying business remains solvent and on track for recovery in the second half of the year.
The story of M&S has shifted from a turnaround in product and brand to a crucial test of operational resilience. The business has proven it can fix its fashion problem; the next question is whether it can absorb a catastrophic digital shock and emerge as a stronger, more cyber-secure retailer ready to capture the full potential of its omnichannel ambitions. The industry will be watching closely.
