Marks and Spencer Group plc – annual report – 29 March 2025
Industry – retail
32 Subsequent events (extract)
On 22 April 2025, we announced that we had been managing a cyber incident. As part of our proactive management of the incident, we made the decision to pause taking orders via our UK & Ireland websites and apps and some M&S International-operated websites.
In response to the events, we engaged external cyber security experts to assist with investigating and managing the incident. The Group also engaged with the relevant authorities, including reporting the incident to the National Cyber Security Centre and the UK’s Information Commissioner’s Office (‘ICO’) as appropriate.
The incident has been treated as a non-adjusting post-balance sheet event and there has been no impact on the financial results reported for the year ended 29 March 2025.
Our current estimate before mitigation is an impact on Group operating profit of around £300m for 2025/26, which will be reduced through management of costs, insurance and other trading actions. It is expected that costs directly relating to the incident will be presented separately as an adjusting item.
Accounts examples 