This is not just a cyberattack… this is an M&S cyberattack

M&S is not the first retailer to be targeted in a cyberattack. It won’t be the last. It isn’t even the latest. But it’s definitely the most high-profile cyberattack in this country to date, dominating the news agenda and capturing the media and the shopper’s imagination – a testament to its popularity as Britain’s most-loved brand (as well as the shocking revelation that the hackers are teenagers, and British ones at that).

And who’s to say it won’t be the biggest, too? The nonpareil. It’s not just… the sales it’s losing, with online clothing, home and beauty ordering suspended and “some stores” suffering from “pockets of limited availability of some [grocery] items”.

It’s not just… that the stakes are that much higher too because M&S has been doing such a cracking job of late, and the management will be desperate to ensure the momentum, goodwill and trust it’s built up isn’t lost.

And it’s not just… the potential ransom it might need to pay to make this go away (with all the risk that entails).

Read more:

• Marks & Spencer cyberattack: the reasons, damage and lessons

• M&S cyberattack linked to group of hackers as young as 16

• What can M&S’s ‘cyber incident’ teach retailers about trust?

In the biggest payouts, it’s invariably been the cost of class action lawsuits if customer valuable data gets into the wrong hands that has had the biggest impact. And a large, multichannel, multicategory retailer is arguably the perfect target for hackers, with multiple data touchpoints: payroll, customer data, payment details, supply chain distribution systems, demand forecasting, etc.

It’s also a very public test. Whereas other businesses under attack have been able to operate and negotiate out of plain sight, M&S is trying to manage “proactively”, as it puts it – by taking some systems offline and introducing alternative processes, while consciously keeping others on. And though communication is crucial, it needs to be careful to ensure its actions and its messaging don’t come back to haunt it later on.

One thing is for sure: competitors will be watching from the sidelines, not with schadenfreude but relief that it’s not them – mixed with trepidation they could be next. This is not just a cyberattack. This is an M&S cyberattack. And it’s just not fair. But it’s modern business.