The Rest Is Money 235. How M&S saw off the cyber criminals and its plan for the next 100 Years (Part 1)
65 snips
Dec 18, 2025 Archie Norman, chairman of Marks & Spencer and a seasoned retail leader, discusses the harrowing experience of a cyber attack that shook the company. He shares insights on managing prolonged crises and practical defence strategies. Archie highlights the motivations behind cyber attacks, emphasizing the prevalence of ransomware and AI risks. He also explores the impact of heavy taxation on town centres and the importance of community engagement when closing stores. Finally, he reflects on M&S's innovative legacy in food and health.
AI Snips
Chapters
Transcript
Episode notes
First Whiff Of Cyber Crisis
- Archie Norman describes the Easter Saturday call that began M&S's cyber crisis and the months of intense response that followed.
- Teams worked sleepless nights, brought in global specialists, and endured huge stress while defending systems and restoring operations.
Assume The Worst, Call The A-Team
- Assume the worst immediately after any suspicious system behaviour and plan accordingly.
- Call the A-team of world-class cyber specialists to live with you through the recovery.
Perimeter Is Not A Panacea
- Cybersecurity must assume permeability because perimeters can be breached via third parties and impersonation.
- Defence should focus on containment, lateral-movement barriers, and knowing what attackers can access.