M&S has suffered a reputational hit as a result of the cyberattack which has been wreaking havoc on its operations for nearly two weeks, research suggests.
The retailer has “suffered a measurable blow to its reputation and trust in its brand”, according to consumer research company Maru.
Maru’s latest snapshot consumer survey found between 25% and 32% said they would shop elsewhere because of issues at M&S as a result of the cyber attack.
The proportion that would recommend would recommend M&S had slipped from 87% before the attack to 73% after.
The snapshot also recorded a seven percentage point dip, from 39% to 32%, in those who would “definitely” give M&S the benefit of the doubt in the event of ongoing product or service issues.
However, there is some evidence of continued faith in M&S. The proportion who would either “definitely” or “probably” continue to trust the retailer had dipped only slightly, from 84% to 82%.
M&S said daily recorded YouGov data showed there had been no real change to either positive or negative impressions of the retailer, with 66% of consumers maintaining a positive impression of the brand and only 3% having a negative impression.
Maru conducted its latest survey last week, after M&S told customers of the attack, and compared it to results from January this year. While the latest snap poll had included just 500 consumers, conclusions were based on results that were statistically significant to a 95% confidence level, Maru claimed.
M&S’s ‘cyber incident’
Since M&S CEO Machin first informed customers of the attack on 22 April, it has forced the retailer to halt online clothing and home deliveries and led to what it has called “pockets of limited availability in some stores” as it impacts depot computer systems.
In M&S’s scramble to take systems offline, store staff have been sharing war stories of having to check freezer cabinet temperatures frequently in case the defrost alarms don’t work, as revealed by The Grocer earlier this week.
The attack has forced M&S to suspend contactless payment in stores along with its scan & shop service, and even rendered some stores cash-only. Its Sparks loyalty app – which has 18 million members – has been unable to process rewards for customers.
Online recruitment has also been suspended, with the M&S careers page unable to conduct searches of vacancies, despite the retailer having hundreds.
The attack has been linked to ‘Scattered Spider’, a hacking gang whose members include teenagers from the UK and US, with a history of demanding ransoms to unlock systems. The group is known for using ‘social engineering’ techniques, such as phone staff posing as IT support in order to gain passwords.
Read more: Marks & Spencer cyberattack: the reasons, damage and lessons
“This research highlights how vulnerable even long-established and trusted brands are to the ripple effects of a cybersecurity incident,” said Maru chief research officer Stephen Brockway.
“The drop in brand advocacy, trust and willingness to shop elsewhere reflects a short-term loss in confidence for Marks & Spencer. However, the relatively stable broader trust metrics suggest that with transparent communication and decisive action, M&S has enough corporate reputational ‘credit in the bank’ to weather the storm in the long run.”
‘Working day and night’
M&S has been working with cybersecurity experts from CrowdStrike, GCHQ’s National Cyber Security Centre, the Met Police and the National Crime Agency to regain control.
In a new apology to customers this morning, Machin said: “We are working day and night to manage the current cyber incident and get things back to normal for you as quickly as possible.”
Hacking gangs have been busy too, with Harrods yesterday emerging as the latest retailer to be targeted. A Harrods spokesperson said: “We recently experienced attempts to gain unauthorised access to some of our systems. Our seasoned IT security team immediately took proactive steps to keep systems safe and as a result we have restricted internet access at our sites today.”
The news came after it emerged the Co-op had been targeted earlier this week. The convenience retailer had withdrawn staff access to several systems, having “recently experienced attempts to gain unauthorised access”, according to an internal memo. It is also reportedly requiring staff to turn on their cameras when joining remote meetings, so their identity can be verified.
No comments yet