M&S Food Sales Show Resilience After Cyberattack, Nielseniq Reports

LONDON, UK – May 29, 2025 — Marks & Spencer (M&S), one of the UK’s most popular retailers, demonstrated remarkable stability in the wake of a recent cybersecurity incident, with its food sales staying robust and consistent, according to fresh figures from data analytics firm NielsenIQ. The report comes amid increasing concerns over cybersecurity threats facing the retail industry, highlighting both the challenges and the resilience retailers must foster to maintain consumer trust.

Cyberattack Hits, But Food Sales Endure

Earlier this month, M&S suffered a significant cyberattack that raised alarm in the UK retail sector and among public officials about the growing threat of ransomware and other attacks on supply chains and consumer data. Despite these security disruptions, M&S’s food business continued its upward trajectory, according to NielsenIQ’s sales report covering the last four weeks.

NielsenIQ analysts stated, “Even with operational disruptions and heightened consumer uncertainty, M&S showed its core strengths in food retailing. The brand’s trusted reputation for quality and freshness appears to have shielded it from a significant sales decline post-incident.”

M&S Performance in Context

According to NielsenIQ, M&S’s food sales grew by 6.2% year-on-year in the four weeks following the cyberattack. This growth is in line with strong sector-wide performance among UK supermarkets, fueled by consumer demand for value and reliability amid persistent economic uncertainty.

Industry experts point to M&S’s established supply chain and robust cybersecurity investments prior to the attack as key reasons why the incident’s impact was minimized. “M&S has been proactive in shoring up its digital infrastructure,” noted Sophie Donnelly, senior retail analyst at Kantar. “While no system is foolproof, quick containment and transparent communication helped restore confidence swiftly.”

Retail Cybersecurity: An Escalating Threat

The incident at M&S comes amid a series of high-profile cyberattacks targeting UK retailers and grocers in 2025. The National Cyber Security Centre (NCSC) has issued multiple warnings this year about the increasing sophistication of ransomware and phishing campaigns targeting the sector.

“Retailers are prime targets due to their complex supply chains and vast customer data,” explained Chris Parker, cyber risk adviser at SecureTech. In 2024, according to the UK Office for National Statistics, cyberattacks on retailers rose by nearly 40%, a trend that has shown no sign of slowing.

Customer Trust and Business Continuity

M&S’s rapid response proved crucial to minimizing reputational damage. Within hours of detecting the breach, the company alerted affected customers and retailers, providing regular public updates while collaborating with cybersecurity experts and law enforcement. No evidence of customer data misuse has been reported so far.

A spokesperson for M&S said, “The security of our customers’ information and business operations is our utmost priority. We are doubling down on digital resilience and investing even more in advanced security technology.”

NielsenIQ’s report notes that M&S’s proactive transparency and visible remediation efforts played a significant role in maintaining consumer confidence. One surveyed customer told Reuters, “I continued shopping at M&S because they were open about what happened and didn’t try to hide it.”

Industry Responses and Looking Forward

Rival retailers Tesco, Sainsbury’s, and Waitrose also experienced increased cyber vigilance, launching parallel reviews of their own defenses following the M&S incident. The British Retail Consortium (BRC) called for greater industry-wide cooperation: “Retailers must share threat intelligence and work collaboratively to strengthen the sector’s collective cybersecurity posture,” said BRC’s Head of Technology, Samuel Waters.

Looking ahead, cybersecurity is expected to remain at the top of the sector’s agenda, with many retailers pledging increased investment in digital risk management and staff training throughout 2025.

Conclusion

The recent M&S cyberattack has underscored both the persistent risks and the resilience of the UK retail sector. While the event sparked concern, the retailer’s robust food sales, swift response, and transparent communications reflect both consumer loyalty and the importance of effective cybersecurity strategies in protecting business performance and reputation.