Marks & Spencer cyberattack disrupts Click & Collect: Why Indian retail must rethink cyber resilience

The Marks & Spencer cyberattack disrupting Click & Collect underscores the urgent need for retailers to rethink their cyber resilience. Learn key lessons on proactive security, incident response, and data protection.

Aanchal Ghatak

On 22 April 2025, UK-based retail giant Marks & Spencer fell victim to a cyberattack that disrupted core customer-facing services, including its Click & Collect system and contactless payments across stores nationwide. While M&S confirmed it was investigating the issue with the support of cybersecurity experts and the UK’s National Cyber Security Centre, customers faced significant delays and service denials—a stark reminder of how a single breach can paralyze operations.

The company was quick to clarify that customer data had not been compromised, yet the incident raises deeper questions about the growing complexity of cyber threats targeting retail infrastructure. For Indian retailers—many of whom are undergoing aggressive digital expansion—this episode underscores a need to urgently fortify systems, rethink recovery playbooks, and adopt proactive cybersecurity strategies.

The breach breakdown: What happened at M&S

According to reports, M&S experienced a system outage that brought its Click & Collect service to a standstill. Contactless payment terminals in some stores also failed to function, forcing staff to resort to manual methods. While operations have since resumed, the incident affected both customer experience and internal workflows, offering a glimpse into the ripple effects a cyberattack can have on modern retail ecosystems.

Growing threat surface with omnichannel expansion

Experts suggest that as Indian retailers like Reliance Retail, Tata Cliq, and Dmart increasingly digitise operations, from payment systems to supply chain automation, they also expand the surface area for cyber threats.

In India, where the regulatory framework is still evolving, retailers must go beyond compliance and build robust threat detection, real-time monitoring, and response systems. The M&S incident also calls attention to vendor risks, especially as many retail firms rely on third-party cloud and logistics partners.

“Minimize impact, isolate early”: Experts on first steps

When a cyberattack strikes, swift action is non-negotiable.

The immediate steps must be to reduce the scope of impact, identify the ‘patient zero’—the starting point of the attack—and initiate clean recovery processes to resume customer-facing services, says Faizul Mufti, VP of Information Security.

“This helps eliminate the active threat while restoring business continuity without carrying forward any contamination.”

Sundar Balasubramanian, Managing Director for India and South Asia at Check Point Software Technologies, adds: “Businesses must activate an incident response plan that clearly defines roles and escalation paths. Isolating affected systems and involving forensic experts early is key to containing the breach.”

Real-time threat visibility and AI-powered threat containment are essential in the initial response phase. Balasubramanian recommends tools like Check Point Infinity and Harmony for their ability to detect and contain attacks automatically, without manual intervention.

The data dilemma: how to handle sensitive information

Although M&S reported no data breach, Indian businesses need to prepare for scenarios where sensitive information could be compromised.

“Even the possibility of a breach should trigger immediate containment—segregating critical assets, revoking exposed credentials, and deploying endpoint protections,” says Balasubramanian.
He notes that India’s Digital Personal Data Protection (DPDP) Act, 2023 mandates timely notification and regulatory reporting in such cases.

Mufti emphasizes building security around data before a breach occurs:

“A robust data protection platform is crucial. Discovery of sensitive data assets, external risk monitoring, and involving legal teams to assess material exposure are essential for a coordinated and compliant response.”

Gopi Sirineni, CEO and Co-Founder of Axiado, stresses a shift from reactive to proactive defense:
“The best protection goes beyond reacting. Indian companies need to adopt a Zero Trust approach—encrypting data at every point, restricting access, and using AI to spot unusual patterns before they escalate.”

A new age of threats: AI, Deepfakes, and Insider Risks

Today’s cyberattacks are increasingly sophisticated. From ransomware to AI-generated deepfake scams and supply chain compromises, traditional perimeter defenses are no longer sufficient.

“Generative AI is being used both to detect threats and create them,” warns Balasubramanian.
“Retailers must invest in AI-powered behavior analytics and consolidate security stacks to reduce blind spots.”

Sirineni agrees:
“Hardware-anchored security and AI-driven detection systems are now essential. These can stop side-channel and insider attacks before they cause real damage.”

Cyber resilience is not optional: it's strategic

For Indian retailers, the lesson is clear: cybersecurity must be a built-in function across the digital journey—from cloud platforms to point-of-sale systems and customer data stores.

Key long-term recommendations include:

  • Implementing Zero Trust security frameworks

  • Encrypting data at all stages

  • Deploying AI-based threat monitoring systems

  • Conducting regular penetration testing and forensic audits

  • Training staff to detect social engineering and phishing tactics

“Cybersecurity isn’t just about avoiding headlines—it’s about protecting your customers and preserving brand trust,” says Sirineni.
“Retailers must shift from damage control to future-proofing.”

The bottom line

The Marks & Spencer incident was resolved without reported data loss, but the operational disruption itself was significant. For Indian retailers and e-commerce platforms, it serves as a timely warning: in a world where cyber threats evolve faster than ever, resilience must be designed into every layer of your digital business.

The question is no longer if a breach will happen—but when. The right time to prepare was yesterday.