‘Stores may mitigate M&S’ cyber disruption, but shoppers’ omnichannel expectations bring risk’

During the pandemic, tech rode to the rescue of stores as many were forced to close.

Now, bricks-and-mortar has come to the aid of tech—to some degree. In the case of Marks & Spencer, which has been hit by a cyber attack and has suffered disruption for the last three weeks—notably the suspension of online trading.

M&S’ clothing and home division makes about a third of its sales online, which averages out at roughly just under £4m a day, so the loss of the online channel is a significant blow.

But that stat means of course that the bulk of such sales take place in-store, which gives M&S a way of mitigating the online sales haemorrhage in clothing. The retailer sells its food online though Ocado so that is not affected in the same way by the cyber incident, although there have been product shortages reported in some stores because of the interruption to business as usual.

But no matter how crucial stores are now proving for M&S’ clothing sales, the reality is that customers have become used to an omnichannel offer from most retailers—so there won’t be a straightforward transfer of all clothing sales to stores.

In some ways it’s a bit ‘back to the ‘90s’. Remember when it could be something of a lottery when visiting a clothing store as to whether or not it would have the item you wanted in stock, and in your size?

The longer M&S’ difficulties go on, the more likely it is that shoppers will switch to other retailers to, for instance, make use of click-and-collect services to make sure they get what they want.

“Having to go back to the ‘90s is best reserved for party theme-nights.”

Next, one of M&S’ main rivals which this week reported stronger than expected trading, might be one beneficiary.

Next this week reported that sales in its shops rose 5.2% in the quarter to April 23, while UK online sales were up 8.9%. The quarter included just a few days of the period since M&S was targeted by cyber criminals, so did not reflect any shift of shoppers from M&S to Next.

Instead, Next cited good weather as having helped performance, especially in shops. It also said the weather may have pulled forward some sales of summer lines.

Both aspects might help M&S escape the worst scenario as it battles to recover from being targeted by cyber criminals. It too may have benefited from consumer enthusiasm for summerwear. And if sales were pulled forward, the hit to trade since may not be as bad as it could have been. M&S issues full-year results later this month, when no doubt more will be revealed.

But that’s reason for the briefest sigh of relief at best. When omnichannel is the norm no retailer can afford to let cybersecurity slip down the corporate agenda—attacks on the Co-op and Harrods as well as M&S all show that no retailer can let down their guard for an instant.

So retailers should act on the advice of the National Cyber Security Centre, which said at the start of this month that “these incidents should act as a wake-up call to all organisations”.

MP Liam Byrne, who chairs the House of Commons Business and Trade Committee, has written to M&S asking, among other things, “what lessons you have learnt from this, and how could these be applied to other firms in your sector?”

Once M&S has got to grips with the problems it’s now confronting, it should share those lessons. Like shoplifting and abuse of staff, cyber attacks are a crime, so retail needs a united front to address the problem as effectively as possible. Having to go back to the ‘90s is best reserved for party theme-nights.