In an era where digital systems are central to operations, one serious cyber attack can cost a company far more than just money. It can cost trust, reputation, and future business. If a well-established brand like Marks & Spencer (M&S) can be targeted, it’s a clear sign that every business needs to recognise cybersecurity is a top priority.
As a specialist IT recruitment company, we see firsthand just how critical cybersecurity talent has become. This is a growing risk no employer can overlook, and the M&S breach shows exactly why.
What Happened With M&S?
In April 2025, Marks & Spencer faced a targeted cyber-attack that disrupted its online services, including click-and-collect and contactless payments. The company expects disruptions to continue gradually until July as it restores full operations. The hackers gained access through a third-party supplier using social engineering tactics.
The attack is estimated to reduce M&S’s profits by around £300 million, about a third of its expected profit. Despite the disruption, prior cyberattack simulations helped M&S respond quickly and limit damage.
Why Cybersecurity Talent Is More Important Than Ever
The M&S attack underscores that cyber risk extends beyond a company’s own systems, third-party vulnerabilities can lead to significant breaches. It also shows how skilled cybersecurity professionals are crucial to both prevention and rapid response.
Businesses today face increasingly complex threats, and demand for cybersecurity roles such as Security Engineers, SOC Analysts, and Risk & Compliance Officers has never been higher.
How Cybersecurity Impacts All Businesses
Cybersecurity is no longer a concern only for tech firms or financial services. As digital transformation accelerates, businesses across retail, manufacturing, healthcare, education, and beyond face increasing cyber threats.
Even leading brands with strong security measures can fall victim. The M&S breach shows how interconnected systems and supply chains make every business potentially vulnerable.
What Employers Can Learn From M&S
- Being prepared pays off: M&S prior cyberattack simulations helped mitigate damage and speed recovery.
- Human element is key: Social engineering remains one of the most common attack methods, emphasising the need for ongoing employee training.
- Third-party risks matter: Monitoring and securing supplier networks is essential.
- Response plans are critical: Rapid action and transparency helped M&S manage customer trust during the crisis.
- Invest in skilled cyber talent: The right team can help prevent attacks and reduce impact when breaches occur.
The M&S cyber-attack is a powerful reminder that cyber threats are damaging and costly. Cybersecurity is now a business essential, requiring the right people, processes, and technologies, and understanding this landscape is crucial for employers and recruiters alike.
Written by Ellen Gough