Lessons from the M&S Cyberattack: How Brands Can Survive Digital Catastrophe
The threat of cyber attacks looms over every brand, regardless of its history or customer loyalty. In April 2025, Marks & Spencer (M&S), a beloved British retailer, fell victim to a series of devastating cyberattacks. This incident was not only a shocking example of large-scale criminal activity but also a stark reminder of how quickly a brand's reputation can be put in jeopardy.
In this article, we will explore the essential lessons that M&S and other legacy brands can learn from its experience and how they can build resilience to prevent similar crises in the future.
Investing in Brand Resilience Before Crisis Strikes
Trust is not built overnight; it's the result of years of consistent investment in the brand and the development of well-managed brand systems across the entire business. As Lewis puts it, "Trust isn't built in a single moment. It's the result of years of consistent investment in the brand and the development of well-managed brand systems across the entire business."
Legacy brands must prioritize building strong foundations by investing in their brand resilience before a crisis strikes. This includes developing robust cybersecurity measures, maintaining authentic communication channels, and creating a culture of transparency.
Maintaining Authentic Communication
Defining and living up to brand values and having a clear voice with an adaptable tone is how brands weather these sorts of storms. Charlotte emphasizes that brands must communicate in line with their established values and voice. "Defining and living up to brand values and having a clear voice with an adaptable tone is how brands weather these sorts of storms," she reasons.
During times of crisis, it's essential for legacy brands to stick to their core identity and not deviate from their established values. By maintaining authentic communication, they can reassure customers and maintain consumer confidence.
Deploying Transparency as a Strategic Tool
The delivery of information in a crisis is critical. Lewis highlights how transparency is key: "This is where brand values, expression, and UX come into their own." Clear, accessible, and empathetic communication about what happened, what the company is doing about it, and how customers might be affected is essential.
M&S has been following this approach by personally communicating with customers about the breach. The company has also taken proactive steps by emailing all website users, prompting customers to reset account passwords "for extra peace of mind," and reporting the case to relevant authorities.
Acknowledging the Impact on Customers
Customer frustration is rising due to online sales still paused after 17 days. M&S must recognize and address customer frustrations directly. As Sue notes, "With online sales still paused after 17 days, customer frustration is rising. M&S must not rest on its laurels."
Legacy brands must acknowledge the impact of their crisis on customers and take swift action to address their concerns. By doing so, they can rebuild goodwill and maintain a positive relationship with their customers.
Using Crisis as a Catalyst for Improvement
Recovery should include not just fixing the immediate problem but strengthening the brand's overall value proposition. Dave suggests that M&S should consider "new ways to not only be loved but also provide products and services that shoppers can't get anywhere else."
The M&S cyberattack serves as a powerful case study of how legacy brands can leverage their heritage and customer loyalty during times of crisis. While the incident has undoubtedly damaged the retailer financially and operationally, the brand's deep reserves of trust have provided a cushion that many newer companies would not enjoy.
The True Test of a Legacy Brand
The true test of a legacy brand is not whether it can avoid crises altogether but how effectively it can deploy its accumulated trust and goodwill when disaster strikes. In a world where cyber threats continue to evolve in sophistication, resilience is not merely advantageous; it's essential.
Legacy brands must prioritize building strong foundations and deploying transparency as a strategic tool during times of crisis. By doing so, they can emerge from even the most significant challenges with their core identity intact.