The M&S Cyber Attack

In April 2025, Marks & Spencer suffered a significant ransomware cyber attack that severely disrupted its operations for several months and cost the company an estimated £300 million in lost profit. Among the impacts were the theft of customer data, the failure of online sales and empty store shelves.

In this episode of ‘What Just Happened?’, hosts Tamara Littleton and Kate Hartley are joined by crisis management expert Jonathan Hemus to discuss how M&S handled communications, particularly the prominent role played by CEO Stuart Machin. While generally praised for being visible, personal and accountable, the conversation highlights tensions between reassuring investors and showing empathy to affected customers. Machin’s description of the incident as a “bump in the road” sparked debate about tone, trust and perception during a crisis.

The delayed disclosure of stolen customer data was heavily debated and criticised, but there is a compelling case that M&S’s strong pre-existing reputation was critical in sustaining trust and enabling a relatively quick recovery in share price. The conversation emphasises the importance of clear strategic intent, rapid and frequent communication, and leadership courage.

The episode also explores ransom payments, industry cooperation during crises, and why competitors may support one another. The key takeaway is clear: organisations that invest in reputation, planning and leadership before a crisis are far better positioned to withstand one when it inevitably arrives.

A full transcript of today’s show is available to read here.
