Marks & Spencer has just reported a stellar year but hit turbulence after being targeted by cyber-criminals. Chief executive Stuart Machin explains what happened and how he aims to turn disruption into opportunity.

While M&S may be in the “best financial health” it has seen in the last 30 years, recent coverage of the retailer has been dominated by the ongoing fallout from last month’s cyber-attack. Today, boss Stuart Machin outlined what M&S is doing to recover and what will happen next.

‘Suspicious activity’ prompted rapid response


M&S boss Stuart Machin described the cyber-attack as the ‘most challenging situation’

“April started really strongly, continuing the momentum from last year. Then over the Easter bank holiday, I got a call from one of the team to say they spotted some suspicious activity.

“Over the last two years, we’ve invested in new systems and tools and been growing our in-house security team to help spot this type of activity.

“Unable to get into our systems by breaking through our digital defences, the attackers did try another route, resorting to ‘social engineering’ and entering via a third party rather than a system weakness.

“Once access was gained, they used highly sophisticated techniques as part of the attack. Thankfully, the time between gaining access and detection by our team was short. We actually carried out a cyber-attack simulation last year so we had a protocol ready.

“It meant we knew who to call, and we knew immediately to put our business continuity plans into action. That’s what we did that evening. We called in several cyber experts, assembled the best support team, including technology partners, and of course notified the relevant authorities immediately.

“We were able to respond quickly and take the right actions immediately to keep us secure, protect the business and customers and our suppliers, and keep our shops open to serve customers.

“It did mean we proactively took actions to take some of our systems offline. This resulted in disruption in the short term.”

Cleansing digital estate

“We have reviewed and, as a precaution, we’ve been cleansing our whole digital estate. We have over 600 applications and thousands of servers so it takes time. We’re starting to bring our systems back online in a controlled way, and we are ahead of our expected timeline. We’re only four-and-a-half weeks in since the incident. Sometimes it feels like four-and-a-half months but in our multi-year journey, four-and-a-half weeks is a short period.

“We cut our online systems off straight away but turning back on is quite complex. There are over 30 critical interconnected systems.”


Chief executives rallied round in ‘most challenging situation’

“So many chief executives have called me over the last few weeks, going through similar stories in their businesses, albeit maybe not as public as ours. I really appreciated them getting in touch, sharing their experience, advice and offering support.

“The chief executives who called me gave me some tips in the early days. Firstly, they told me how challenging the situation would be. Secondly, they told me to watch out for burnout, whether it’s myself or my team in the first few weeks.

“Thirdly, they told me it takes longer than you would ever predict or expect, and it could be a distraction for the business in the short term. To be honest, for me and my team it has been the most challenging situation we’ve encountered but we are now recovering well.”

Time to accelerate tech investment

“We will use this window of disruption to accelerate our plan, condensing two years of tech transformation into six months.

“At our capital markets day we highlighted we’re in the early stages of our tech transformation. We are going to use this window of disruption to accelerate our plan.

“In the light of the cyber incident, we are using the disruption to bring forward investment, rephasing the original programme, accelerating plans to upgrade infrastructure and network connectivity, store and colleague technology, and supply chain systems.

“This will reduce the interdependency of systems and improve operational resilience. Our overall aim remains the same—to improve technology foundations, simplify infrastructure and applications, to increase resilience further, and lower technology run costs.”


Online disruption to continue until July but confidence in second half

“Since the incident, food sales have been impacted by a few weeks of reduced availability. Although we’re now back on track, we incurred more waste and high logistics costs, so that will impact profit just in the first quarter. In fashion, home and beauty stores have remained resilient but our online operations are offline. That will impact sales and profit in the first half.

“Our current estimate anticipates an impact on group operating profit level of £300m this financial year. That’s the gross number—it will be reduced through managing costs, trading actions and insurance recovery. We’re confident we will enter the second half with a strong customer proposition, returning to the performance we were delivering.

“Having spoken to all our colleagues many times over the past four weeks, there is an incredible fighting spirit, a deep sense of responsibility.

“Here’s my perspective: it’s been a challenging time, but it’s a moment in time. We have a very good business and strong performance, strong foundations and a solid financial footing. We will recover pace and we will regain momentum.”