Skip to content
TechnologyInsuranceMarketsBusinessFinance

Retail Cyber Incident of Significant Magnitude: Mark Kleinman's Perspective

City Editor of Sky News, Mark Kleinman, sets the conversation in the City's financial district with his weekly discourse in City AM.

 and  Administrator
4 min read
Mark Kleinman serves as Sky News' City Editor and contributes a weekly column to City AM, stirring...
Mark Kleinman serves as Sky News' City Editor and contributes a weekly column to City AM, stirring discussions in the Financial District.

Retail Cyber Incident of Significant Magnitude: Mark Kleinman's Perspective

A Cyber Attack Shakes Up the Retail Landscape

In this era, it's almost commonplace for big corporations to fall victim to major cyber attacks, with their systems compromised and customer service disrupted. Over the past fortnight, that unfortunate list has expanded to include renowned retailers like the Co-op and Harrods.

The narrative around these incidents is shifting. It's not necessarily the attack itself that creates the greatest concern, but rather the response to it. This is evident in the case of Marks & Spencer (M&S). M&S shareholders are justified in demanding detailed answers about the ramifications of their ongoing cyber attack, including whether it was foreseeable and whether adequate preparations were made.

Communications from M&S to investors have been scant and lacking in detail. It's been reported that Stuart Machin, the M&S CEO, has changed his mobile phone number due to uncertainty about the situation, although other members of the executive committee have not faced the same issue[1][2]. Some retail industry executives suspect that the long-standing underinvestment in M&S's technology and systems contributes to the current chaos[1].

Two weeks have passed since the hack, and M&S appears to be struggling to establish a timeline for returning to normal operations[1]. The insurance coverage will help mitigate the financial loss during this interim period, but the reputation damage to a brand that was finally regaining momentum after two decades of trouble in its clothing business may be harder to quantify[1].

Archie Norman, the chairman, is facing a significant challenge. Given that his tenure must end by autumn 2026 in compliance with corporate governance guidelines, he should consider commissioning an independent investigation into the crisis. This investigation should include a review of the necessary investments to minimize M&S's vulnerability to future attacks and an examination of whether any previous warnings about their preparedness were ignored[1].

Tucker's Ascension and Departure at HSBC:

Spanning seven-and-a-half years, Sir Mark Tucker's tenure as chairman of HSBC Holdings has coincided with significant global events such as Brexit, the Covid pandemic, presidential terms, Chinese activism, Russia's invasion of Ukraine, and an escalating trade war[1]. Tucker announced his intention to step down by the end of the year[1].

Evaluating Tucker's tenure as CEO is a mixed bag. The initial choice of John Flint to succeed Stuart Gulliver proved to be a disaster[1]. Noel Quinn, who initially served as interim CEO and ultimately held the position for over five years, was a stable replacement[1]. Quinn oversaw the rapid acquisition of Silicon Valley Bank's UK arm in a 2023 rescue deal[1].

Tucker's allies believe that Georges Elhedery, who succeeded Quinn last year, is the ideal candidate to lead HSBC for the next decade[1]. The drastic transformation of HSBC during Tucker's tenure, including significant disposals and reorganization into distinct geographical and product units, had resulted in impressive share price growth and record profits, until President Trump's tariffs[1].

Tucker is departing HSBC with a robust capital position and a well-positioned international network ready to support clients in an ever-changing world[1]. However, concerns remain about whether HSBC's unique geographical footprint will bring forth new challenges[1]. The bank's next chairman will require extensive Asian experience and a strong resolve to build upon Tucker's legacy.

The Future of Bread: Merging Hovis and Kingsmill:

Making ends meet in the bread business is proving to be a challenge nowadays. The scrutiny of Kingsmill's parent, Allied Bakeries, suggests that the company is not financially stable[1]. Allied, in turn, is owned by Associated British Foods (ABF), and its financials are not disclosed separately[1].

As a result, ABF has initiated a merger of Allied Bakeries, which also owns the Sunblest brand and an own-label manufacturing operation with private equity-backed Hovis[1]. Since largely disappearing from Tesco's shelves, Kingsmill's market share has waned, leaving it trailing both Hovis and the family-owned market leader, Warburtons[1].

A merger of the second and third-largest players would create a group with over 40% of the branded sliced bread sector[1]. If there's ever a time to attempt a merger like this one, it's now. The competition watchdog's powers have been restricted by government, and they may be apprehensive to outright prohibit a merger between two struggling businesses[1]. Instead, structural or pricing remedies seem more likely[1].

Under Endless's management, Hovis has demonstrated that it can be a sustainable business[1]. Whether this merger represents a serious effort to counter long-term category decline remains to be seen.

Enrichment Data:

The enrichment data does not provide specific details about an independent probe commissioned by Archie Norman into the Marks & Spencer cyber attack, nor does it detail the outcome of such an investigation.

Here is a summary of the available details regarding the attack:

  • Attack Impact: The cyber attack on Marks & Spencer resulted in the theft of some customer data, including names, addresses, and phone numbers. However, no usable payment or card details were stolen, and passwords were not compromised[1][2].
  • Technical Details: The attack involved a hacking group known as Scattered Spider, which allegedly used ransomware called DragonForce to exploit vulnerabilities in M&S systems[2]. The attackers may have used methods like sim-swapping to gain access to M&S systems[2].
  • Response and Aftermath: M&S has experienced issues with processing online orders and has advised customers to be cautious of phishing scams[1][2]. Experts recommend that customers enable two-step authentication for additional security[1].
  1. The finance sector, particularly within the business of insurance, plays a crucial role in mitigating the financial loss during uncertain times like M&S's ongoing cyber attack.
  2. The retail industry is increasingly acknowledging that the response to a cyber attack, not just the attack itself, can have significant consequences for businesses, as evidenced by the case of Marks & Spencer.
  3. In the global finance market, technology investment becomes increasingly important in the face of cyber threats, with underinvestment potentially contributing to the chaos seen in companies like Marks & Spencer.

Read also:

    Related

    Latest