Cyberattack on Marks & Spencer Leaves CEO Without Annual Bonus

07.06.2026 3 minutes Author: Newsman

Stuart Machin, CEO of British retail giant Marks & Spencer, was denied his annual bonus following a major cyberattack that struck the company in April 2025. The incident not only caused significant financial losses but also had a direct impact on executive compensation decisions.

In its 2025/26 financial report, the company described the past year as a period that demanded extraordinary commitment from both management and employees. Despite the team’s efforts, the consequences of the cyberattack proved to be far more severe and long-lasting than initially anticipated.

Disruptions to online services, product availability issues, and outages across internal systems continued to affect Marks & Spencer’s operations for much of the financial year. The company estimates that incident response, infrastructure recovery, and remediation efforts cost approximately £131.3 million, or about $175 million.

The cyberattack also took a noticeable toll on the retailer’s financial performance. While Marks & Spencer reported a profit of £881.1 million the previous year, that figure fell to £671.4 million following the incident.

It was these circumstances that led the remuneration committee to withhold Stuart Machin’s annual bonus. The company stressed that both management and employees demonstrated exceptional commitment throughout the crisis.

“During the cyber incident, colleagues responded with exceptional commitment and resilience, led by an outstanding management team that together kept the business operating through the most challenging of circumstances,” the committee said.

At the same time, the company concluded that awarding a bonus under such conditions would not have been appropriate.

“However, it was concluded that, in the circumstances, and having particular regard to the experience of our shareholders, it would not be appropriate to make a bonus payment in respect of 2025/26,” the report states.

Despite missing out on a bonus, the CEO was far from unpaid. According to the company’s financial disclosures, Machin received a total compensation package of £3.968 million for the year. By comparison, his total remuneration in the previous year reached £7.047 million, including a £1.635 million bonus.

The cyberattack on Marks & Spencer took place in April 2025. According to the company, the incident was linked to the Scattered Spider cybercrime group. The attack forced the retailer to suspend its online store and mobile app while also disrupting product deliveries to physical locations. Some store shelves were left partially empty due to supply chain and logistics issues.

The company was not able to fully restore its online shopping operations until August 12. Commenting on the incident, Stuart Machin described the cyberattack as “a bump in the road” and assured investors and partners that Marks & Spencer would overcome the disruption and emerge stronger from the experience.

Subscribe
Notify of
0 Коментарі
Oldest
Newest Most Voted
Other related articles
Found an error?
If you find an error, take a screenshot and send it to the bot.