Retail Cyber Resilience: Lessons from the M&S Attack

Last month’s cyberattack on Marks & Spencer sent a clear message to the retail industry: cyber resilience is no longer a nice-to-have. It’s critical.

A ransomware incident forced M&S to suspend all online and in-app services. Systems are still down, weeks later. The estimated cost? Over $80 million. But the reputational damage and customer frustration may prove far more difficult to quantify or repair.

The attack, carried out by a group linked to Scattered Spider, exploited contractor credentials and targeted core systems. The result was one of the UK’s most trusted retailers rendered offline, without digital sales or contactless payments, in the space of hours.

At Polar Moment, we work with retailers to build secure payment infrastructure with cyber resilience at its core. Incidents like this highlight why that work matters.

Retail Payments Are a Prime Target

Retail payment systems are complex, heavily integrated, and always-on: a perfect target for cybercriminals. Many merchants rely on legacy systems, connected to third parties for support, maintenance, or innovation. That creates opportunity for attackers.

In the M&S case, compromised credentials linked to a third-party supplier gave hackers a way in. It’s a scenario we’ve seen before: too much trust, too little control.

Compliance Isn’t Enough

It’s easy to assume PCI compliance means you’re safe. It doesn’t.

Compliance sets a baseline. But cyber resilience goes further: designing systems that assume compromise is inevitable and limit the damage when it happens.

This includes:

  • Tokenising card data so it never touches your environment
  • Securing third-party integrations with strict access controls
  • Monitoring for unusual patterns and anomalies in real time
  • Building failover paths, not single points of failure
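As an added illustration of the first point (tokenising card data), the sketch below is not code from the original post or from Polar Moment; it shows the split that tokenisation creates. A vault that lives with the payment provider, inside PCI scope, validates the card number, issues random tokens, and only returns a PAN to an authorised acquiring path; the merchant record keeps the token and the display-safe last four digits and never retains the PAN. The class and function names, the role string and the sample card numbers are assumptions made for this example.

```python
# Added example: merchant-side tokenisation split. Not Polar Moment's code; the
# names (TokenVault, tokenise, detokenise, merchant_record), the role string and
# the sample PANs are assumptions made for illustration.
import hashlib
import hmac
import secrets


def luhn_valid(pan: str) -> bool:
    """Luhn check so the vault refuses malformed numbers before storing anything."""
    if not pan.isdigit() or len(pan) < 12:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """Runs with the payment provider inside PCI scope, not in the merchant estate.

    The PAN map is held in memory here for illustration; a real vault keeps it
    encrypted at rest under HSM-managed keys.
    """

    def __init__(self, index_key: bytes):
        self._index_key = index_key     # keyed index: same PAN -> same token, no plaintext lookup table
        self._token_by_index = {}       # HMAC(PAN) -> token
        self._pan_by_token = {}         # token -> PAN

    def _index(self, pan: str) -> str:
        return hmac.new(self._index_key, pan.encode(), hashlib.sha256).hexdigest()

    def tokenise(self, pan: str) -> str:
        if not luhn_valid(pan):
            raise ValueError("PAN failed Luhn check")
        idx = self._index(pan)
        token = self._token_by_index.get(idx)
        if token is None:
            token = "tok_" + secrets.token_hex(16)   # random: carries no information about the PAN
            self._token_by_index[idx] = token
            self._pan_by_token[token] = pan
        return token

    def detokenise(self, token: str, caller_role: str) -> str:
        """Only the acquiring path may recover a PAN; the merchant never holds this role."""
        if caller_role != "acquirer-gateway":
            raise PermissionError("detokenisation is restricted to the acquiring path")
        return self._pan_by_token[token]


def merchant_record(vault: TokenVault, pan: str) -> dict:
    """What the merchant database keeps: the token plus display-safe last four, never the PAN."""
    token = vault.tokenise(pan)
    return {"token": token, "last4": pan[-4:]}


if __name__ == "__main__":
    vault = TokenVault(index_key=secrets.token_bytes(32))
    record = merchant_record(vault, "4111111111111111")   # constructed test PAN
    print(record)
    print(vault.detokenise(record["token"], caller_role="acquirer-gateway")[-4:])
```

The keyed index is what lets the vault hand back the same token for a returning card without keeping a plaintext PAN lookup table, and the role check on `detokenise` is the control that keeps card data out of the merchant environment even when the merchant's own systems are the ones that get compromised.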

Four Actions Retailers Should Take Now

1. Review your entire payments infrastructure

  • Map all systems, providers, and data flows
  • Identify weak points, outdated technology, and high-risk links

2. Limit third-party access

  • Apply least-privilege principles
  • Require multi-factor authentication and rotate credentials regularly

3. Plan for cyber resilience, not just recovery

  • Create fallback routes for key services like contactless and online payments
  • Test these under real-world failure conditions

4. Make cyber risk a business issue

  • Bring security out of the IT silo
  • Report risk exposure in the same way as availability or revenue loss
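Actions 1 and 2 above (mapping providers and their access, then limiting it), together with the real-time monitoring point in the earlier list, can be turned into a periodic review that runs over the access inventory and the authentication logs. The script below is an added example and is not Polar Moment's code: it checks a constructed inventory of third-party accounts against a least-privilege policy (MFA enabled, credentials rotated within 90 days) and flags entries in constructed auth log lines where a vendor account logs in outside its agreed support hours, reaches a system outside its contracted scope, or fails repeatedly. The account names, IP addresses, log format and thresholds are all assumptions.

```python
# Added example: third-party access review over constructed data. Not Polar
# Moment's code; accounts, log format, addresses and thresholds are assumptions.
from collections import Counter
from datetime import datetime

MAX_CREDENTIAL_AGE_DAYS = 90
FAILED_LOGIN_THRESHOLD = 3
NOW = datetime(2025, 5, 20, 9, 0)   # fixed so the example is reproducible

# Constructed inventory of vendor accounts taken from the infrastructure map.
# "scope" is the set of systems the contract actually needs; "window" is the
# agreed support window in local hours (start inclusive, end exclusive).
VENDOR_ACCOUNTS = [
    {"user": "svc-posvendor", "mfa": True,  "rotated": "2025-04-30",
     "scope": {"pos-mgmt"}, "window": (8, 18)},
    {"user": "ctr-helpdesk",  "mfa": False, "rotated": "2024-11-02",
     "scope": {"ticketing"}, "window": (8, 18)},
]

# Constructed auth log: <timestamp> <user> <system> <source-ip> <result>
AUTH_LOG = """\
2025-05-19T10:15:00 svc-posvendor pos-mgmt 203.0.113.10 success
2025-05-19T23:41:00 ctr-helpdesk ticketing 198.51.100.7 success
2025-05-20T02:05:00 ctr-helpdesk identity-admin 198.51.100.7 success
2025-05-20T08:30:00 svc-posvendor pos-mgmt 203.0.113.10 failure
"""


def review_accounts(accounts, now=NOW):
    """Policy check: every vendor account needs MFA and recently rotated credentials."""
    findings = []
    for acct in accounts:
        if not acct["mfa"]:
            findings.append((acct["user"], "mfa_missing"))
        age_days = (now - datetime.strptime(acct["rotated"], "%Y-%m-%d")).days
        if age_days > MAX_CREDENTIAL_AGE_DAYS:
            findings.append((acct["user"], f"credential_age_{age_days}d"))
    return findings


def detect_anomalies(log_text, accounts):
    """Log review: vendor activity outside its window, outside its scope, or repeatedly failing."""
    policy = {acct["user"]: acct for acct in accounts}
    alerts = []
    failures = Counter()
    for line in log_text.splitlines():
        ts, user, system, _src, result = line.split()
        acct = policy.get(user)
        if acct is None:
            continue                        # not a vendor account; covered by other rules
        hour = datetime.fromisoformat(ts).hour
        start, end = acct["window"]
        if not start <= hour < end:
            alerts.append((ts, user, "outside_window"))
        if system not in acct["scope"]:
            alerts.append((ts, user, f"out_of_scope:{system}"))
        if result == "failure":
            failures[user] += 1
            if failures[user] == FAILED_LOGIN_THRESHOLD:
                alerts.append((ts, user, "repeated_failures"))
    return alerts


if __name__ == "__main__":
    for finding in review_accounts(VENDOR_ACCOUNTS):
        print("FINDING", *finding)
    for alert in detect_anomalies(AUTH_LOG, VENDOR_ACCOUNTS):
        print("ALERT", *alert)
```

On the constructed data the policy check reports the helpdesk contractor twice (no MFA, credentials 199 days old) and the log review raises the out-of-hours and out-of-scope events for the same account; the point of keeping scope and window on the inventory record is that the alert is judged against what each supplier is contracted to do, not against a generic baseline.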

How Polar Moment Can Help

We’ve helped leading retailers and payment processors design payment systems that are not only fast and reliable, but also built to withstand disruption.

That means:

  • Cyber resilient architecture
  • Modern tokenisation strategies
  • End-to-end security reviews
  • Support across retail, unattended, and hospitality environments

If you’re rethinking your payments setup after the M&S incident, we’d be happy to talk.

Closing Thought

Cyber threats are evolving fast. Retailers need to move faster.

The organisations that invest in cyber resilience now will be the ones who keep earning customer trust — and revenue — tomorrow.

Get In Touch

At Polar Moment, we are committed to delivering payments consultancy and software development services that drive tangible business results. Whether you need strategic advice, technical implementation, or training, our team is here to help. Contact us today to discuss how we can support your business.
