The M&S cyber attack is a wake-up call for all online retailers

“We are working day and night to manage the current cyber incident,” said Marks and Spencer CEO Stuart Machin after a hack last week forced critical systems offline, which meant all online orders were “paused” and somes stores had empty shelves. Hundreds of agency workers were told not to clock on, and an estimated £650 million was wiped from the retailers’ stock market value.

Roughly a third of the group’s clothing and home business is transacted online, with nearly £4m a day spent via the shuttered channel. Machin thanked customers for “sticking by” the company, adding: “We are really sorry that we’ve not been able to offer you the service you expect from M&S over the last week.”

Fortunately for M&S, despite the retailer’s many ups, downs and missteps over the past couple of decades, its brand is still a powerful one and many consumers continue to hold it in high esteem.

The May Day Bank Holiday weekend is a particularly bad time for an online retail operation to shut down. The weather has been unusually warm and consumers typically respond to this by jumping online to purchase summer clothing. Some will inevitably go elsewhere.

But the fact that the majority appear willing to give the company time to fix things should limit the impact of this assault. Customers will be aware that M&S is not at fault for any problems they may have experienced as a result of the hack; it is the victim here. Machin was right to thank them for their forbearance.

His words were important because they help to put a human face on the crisis engulfing the company. That matters. So does keeping consumers and the markets informed with further updates. Nature abhors a vacuum, and in the information age, or rather, the misinformation age, there are those who will seek to fill it if the company does not.

While Machin and his colleagues are doubtless burning the candle at both ends, focussing on computers and code, they need to be alive to this and the lessons learned from other IT attacks or snafus. Poor communication on the part of those at the sharp end has been a feature of these, generally serving to make bad situations much worse.

I still remember writing on TSB’s disastrous attempt to migrate its IT from a set up provided by former owner Lloyds to one operated by its current owner Sabadell. This locked some customers out of their bank accounts, for many days in a minority of cases.

The difference with the M&S situation was that this was an entirely a self-inflicted wound and the impact on customers was far more serious. But the point remains valid. The problems were exacerbated by the banks’ dreadful communications. Effective management of this is an important tool when it comes to this sort of crisis. Others should take note.

As for the perpetrators, who also appear to have targeted Harrods and the Co-op and may yet chance their arm on others, it is imperative that they are identified and brought to book as quickly as possible because this attack isn’t just a crime on M&S and the affected retailers. It is an attack on their customers. In fact, it is an attack on all consumers.

Retailers are in a tough spot, and not just because the economy is weak and consumer confidence low. Chancellor Rachel Reeves’ decision to tax jobs by hiking employer National Insurance Contributions, and reducing the level at which they kick in, disproportionately hit the sector because of its large, relatively low-waged workforce. M&S alone employs 65,000.

Higher costs mean higher prices. Retailers are now going to have to review and potentially upgrade their IT systems to ensure there is no repeat of this. This is the worst possible time for the sector to face chunky, unexpected bills and we’ll all pay the penalty at the checkout.