British retailer Marks & Spencer has garnered praise for its transparent communication during a recent cyber incident that disrupted customer services. In a statement provided on Tuesday to the London Stock Exchange, the company revealed it had been managing a cyber incident over the past few days. Instead of utilizing typical corporate platitudes to downplay the situation, Marks & Spencer opted for an honest and straightforward approach, emphasizing its commitment to safeguarding customer information.
Jude McCorry, CEO of Scotland’s Cyber and Fraud Centre, commended Marks & Spencer for its clear and factual communication style, noting that the retailer kept its customers informed through both online messages and in-store interactions. “It was business as usual looking after their customers,” said McCorry, who acknowledged the hard work behind the scenes during this challenging time.
The disruption occurred during a holiday weekend, leading to some delays in pickup orders and complications with contactless payments for customers. However, Marks & Spencer reassured its clientele that while minor adjustments were necessary, the stores remained open and core services continued to operate normally. CEO Stuart Machin expressed his regret for any inconvenience caused in an email directly addressing affected customers.
Experts in the field have pointed to Marks & Spencer’s handling of the incident as a model of effective crisis communication. William Dixon from the Royal United Services Institute described the retailer’s response as “textbook cyber crisis communications,” highlighting its ability to balance transparency with empathy. As the situation unfolded, the retailer engaged external cybersecurity experts to assist with the investigation and bolster its defenses, providing further assurance to customers amid ongoing concerns about cybersecurity threats.