Yazılar

Britain’s Co-op Warns of $161 Million Profit Hit From Cyberattack

/in /tarafından

The Co-op Group, one of the UK’s most recognizable retailers, said on Thursday that a “sophisticated” cyberattack in April will reduce its annual profit by about £120 million ($161 million).

The 181-year-old, member-owned cooperative—which operates supermarkets, funeral services, legal, and insurance businesses—said it moved quickly to shut down several systems to contain the breach. That decision, however, caused major operational disruption, including shortages in food availability at stores.

The financial toll was clear in its latest results: for the first half of the year to July 5, revenue dropped by £206 million, while profit fell by £80 million. The company reported an underlying pre-tax loss of £75 million, compared with a £3 million profit a year earlier.

Finance chief Rachel Izzard said the full-year impact will total £120 million, with only limited insurance recovery. “We had the front-end elements of cyber insurance in place … but we don’t believe we will be claiming on insurance for back-end losses,” she explained.

Roughly £40 million of the second-half hit reflects new investments to strengthen cyber defenses. The Co-op’s Chief Digital and Information Officer, Rob Elsey, said attackers gained access through social engineering, impersonating a colleague to compromise their account—similar to a recent attack on Marks & Spencer.

The group’s food retail business, which generates the bulk of its revenue, slipped 1.6% to £3.6 billion, as it lost market share to rivals. Overall revenue was down 2.1% to £5.5 billion.

The company expects the rest of the year to bring continued pressure from high costs, global volatility, and intense competition, but still plans to open 30 new stores.

M&S Digital Chief Steps Down Months After Cyberattack

/in /tarafından

Marks & Spencer (M&S) announced on Thursday that Rachel Higham, its chief digital and technology officer, is leaving the company less than a year after a major cyberattack crippled its online operations.

Higham, who joined in June 2023, will be taking a career break, according to an M&S spokesperson. “She has been a steady hand and calm head at an extraordinary time for the business and we wish her well for the future,” the company said.

Fallout from the Cyberattack

  • In May, M&S estimated the hack would cost about £300 million ($405 million) in lost operating profit for the 2025/26 financial year.

  • The retailer said it hoped to offset about half of that hit through insurance payouts and cost controls.

Leadership Reshuffle

Higham’s departure has prompted a broader management shake-up:

  • Sacha Berendji, a long-time M&S executive, will now oversee digital and technology alongside his role in property and store development.

  • Thinus Keeve, retail director since June, will shift to report directly to CEO Stuart Machin.

Market Impact

M&S shares are down 8.5% year-to-date, as investors weigh the financial impact of the cyberattack alongside leadership changes.

M&S CEO: Cyberattack Fallout Will Largely Be Over by August

/in /tarafından

Marks & Spencer CEO Stuart Machin told shareholders on Tuesday that the British retailer expects to be past the worst effects of a major cyberattack by August, as the company works to restore operations and rebuild consumer trust.

The April cyberattack dealt a serious blow to the company, causing a £300 million ($413 million) hit to profit. It forced M&S to shut down its online store for nearly seven weeks, disrupted stock automation systems, and led to empty shelves in stores during May.

Speaking at M&S’s annual shareholder meeting, Machin said: “I’m really hoping by August, the majority of this is behind us.” This marked the first opportunity for investors to question leadership directly about the incident and its aftermath.

Questions over preventability and accountability were front and center. When asked if the cyberattack could have been prevented, Chairman Archie Norman acknowledged that “there’s always something that could be done” and that M&S continues to examine the details of the breach. Machin added that the attack exploited a third-party contractor via a social engineering tactic.

The CEO defended M&S’s prior cyber readiness, noting that the company had quadrupled its investment in cybersecurity and tripled the size of its cybersecurity team in the year leading up to the breach. “I’m glad we invested then. I’m glad we continue to invest,” Machin said.

One shareholder raised concerns about executive accountability, questioning whether Machin’s £7.1 million pay package, which rose 39% last year, should be reduced in light of the incident. Norman responded that incentive pay was tied to shareholder outcomes and that it was too early to determine adjustments.

Currently, the M&S online store is still only partially operational, with full restoration expected within four weeks. Automation systems at the Donington logistics hub are also expected to be fully functional by August, according to Machin.

In the meantime, the company is focused on reinforcing internal training to defend against further attacks and to bolster awareness of social engineering vulnerabilities.