M&S cyber attack: A £136 million lesson in recovery speed

The disruption was severe. Following the Easter weekend attack, M&S was forced to halt all online sales for approximately six weeks. This operational damage contributed to the company’s underlying pre-tax profits tumbling by 55.4% in the six months to 27 September, with online sales in the fashion division falling by 42.9%. The financial impact totalled around £136 million, including anticipated future costs.
Adding to the concern, M&S chief executive Stuart Machin confirmed that the attack was instigated by “human error”. This human factor underscores that while prevention is important, it is fallible, necessitating recovery systems built on the assumption that breaches are inevitable.
The competitive impact of delayed recovery
The six-week disruption had lasting commercial consequences. Whilst M&S eventually reported a surge in activity after its clothing, home, and beauty sales returned online, competitors such as Next saw their market share grow during the period of disruption.
This highlights a critical business reality: the longer your systems stay offline, the more ground you surrender to competitors. For organisations across finance, healthcare, and e-commerce, even brief periods of disruption can cause substantial revenue losses and irreparable damage to brand reputation and customer loyalty.
The shift from prevention to recovery performance
The conversation around cyber security has fundamentally shifted. As promoted by the National Cyber Security Centre (NCSC), resilience engineering requires building systems that anticipate, absorb, recover, and adapt. The UK government’s guidance captures this new reality: “Be ready to go back to pen and paper.” Real security is now measured not just in how effectively you prevent attacks, but in how fast you can bounce back when prevention fails.
This necessitates a fundamental change in mindset: assuming compromise will occur and focusing intensely on minimising the impact through rapid, reliable recovery.
Why traditional backups are no longer fit for purpose
Modern ransomware is designed to eliminate the recovery safety net. Industry data confirms that 93% of ransomware attacks now target backup systems directly, because attackers understand that destroying backups forces victims to pay ransoms.
The troubling statistics reveal the inadequacy of current strategies: in 2025, just 39% of companies in the UK successfully used backups to restore their data. Consequently, 54% paid the ransom, often receiving incomplete decryption keys or corrupted data. This reality has prompted the UK government to propose a ban on ransomware payments for public sector and critical national infrastructure organisations, confirming that self-reliance in recovery is paramount.
Recovery time objectives: hours, not days
For many sectors, a week of downtime is catastrophic. Recovery Time Objectives (RTO), the maximum acceptable time to restore operations, must now be measured in hours, not days or weeks. Best practices suggest RTOs of 0 to 1 hour for high-volume, dynamic, business-critical data.
Achieving this speed requires specific infrastructure choices:
- Restoring 10TB of data from cloud storage typically takes 48 hours or more.
- Properly configured on-premises immutable storage can achieve the same recovery in approximately 4 hours.
Building ransomware-proof infrastructure
At Covenco, we have spent over 35 years helping UK organisations build IT infrastructure that withstands real-world challenges. Our approach centres on three fundamental principles that ensure rapid, reliable recovery, reducing your recovery time from weeks to hours.
Immutable storage that can’t be deleted
The foundation of rapid recovery is immutable storage. This utilises Write Once Read Many (WORM) technology, ensuring data literally cannot be deleted, modified, or encrypted for a defined retention period.
This technology provides a critical defence layer that traditional backup solutions cannot match. Even if ransomware infiltrates your entire network and compromises all administrative credentials, you retain a clean, recoverable copy of your critical data. Covenco delivers these solutions powered by Veeam technology integrated with Object First’s purpose-built storage appliances, creating an unbreakable recovery foundation.
The 3-2-1-1-0 rule for modern threats
Modern ransomware demands an enhanced approach to data protection. The 3-2-1-1-0 rule is the new standard for resilient defence:
- 3 copies of data (for redundancy).
- 2 different media types (protecting against media-specific failures).
- 1 copy stored off-site (for geographic separation).
- 1 immutable or air-gapped copy (guaranteeing a clean recovery source that ransomware cannot reach).
- 0 errors verified through automated testing (ensuring your backups will actually work when needed).
That final component, zero errors, is essential for survival, particularly given that only 54% of organisations globally successfully used backups to restore their data in 2025.
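The rule can be expressed as a check over an inventory of data copies. The sketch below is an added example, not code from Covenco, Veeam or Object First. The DataCopy fields and both inventories are constructed for illustration, and it assumes that the production copy counts towards the three copies and that a backup which has never been restore-tested fails the zero-errors condition.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class DataCopy:                   # hypothetical inventory record
    name: str
    media: str                    # e.g. "disk", "object", "tape"
    offsite: bool
    immutable: bool               # WORM-locked or air-gapped
    is_backup: bool = True        # False for the live production copy
    restore_errors: Optional[int] = None  # last automated restore test; None = never tested

def check_3_2_1_1_0(copies):
    """Return {rule: passed} for the copies of one protected dataset."""
    backups = [c for c in copies if c.is_backup]
    return {
        "3 copies": len(copies) >= 3,
        "2 media types": len({c.media for c in copies}) >= 2,
        # Off-site and immutable conditions must be met by a backup, not by production.
        "1 off-site": any(c.offsite for c in backups),
        "1 immutable/air-gapped": any(c.immutable for c in backups),
        # "0 errors" has to be verified: an untested backup counts as a failure.
        "0 errors": bool(backups) and all(c.restore_errors == 0 for c in backups),
    }

def failed_rules(copies):
    """List the rule components the inventory does not satisfy."""
    return [rule for rule, ok in check_3_2_1_1_0(copies).items() if not ok]

# Constructed inventory: three copies exist, but all on disk, none immutable,
# and the off-site sync has never been restore-tested.
WEAK = [
    DataCopy("prod-san", "disk", offsite=False, immutable=False, is_backup=False),
    DataCopy("nas-backup", "disk", offsite=False, immutable=False, restore_errors=0),
    DataCopy("cloud-sync", "disk", offsite=True, immutable=False),
]

# Constructed inventory that satisfies every component of the rule.
HARDENED = [
    DataCopy("prod-san", "disk", offsite=False, immutable=False, is_backup=False),
    DataCopy("onprem-worm", "object", offsite=False, immutable=True, restore_errors=0),
    DataCopy("offsite-tape", "tape", offsite=True, immutable=True, restore_errors=0),
]

if __name__ == "__main__":
    for label, inventory in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, "fails:", failed_rules(inventory) or "nothing")
```

The weak inventory passes a naive "three copies, one off-site" count yet still fails three of the five conditions, which is the gap the two extra digits of the rule are meant to close.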
Integration that delivers speed
Recovery speed depends critically on how well your backup and storage infrastructure are integrated. Native integration eliminates bottlenecks and ensures optimal performance during both backup and recovery operations.
Veeam’s integration with Object First through the Smart Object Storage API delivers optimised performance while maintaining complete immutability. Furthermore, as an IBM Gold Business Partner specialising in data protection, Covenco successfully pairs IBM storage systems with Veeam software to create resilient backup and replication solutions that scale from edge deployments to enterprise data centres.
Join our free webinar: Architecting a Ransomware-Proof Backup and Recovery Plan in 2026
The M&S incident clearly demonstrates that no business is too large or established to be vulnerable. To help you build genuinely ransomware-proof backup and recovery capabilities, Covenco is bringing you this essential 60-minute webinar.
The webinar, titled Architecting a Ransomware-Proof Backup and Recovery Plan in 2026, is designed specifically for IT managers and business owners in medium-sized UK enterprises who require guaranteed business continuity.
Date: 20 November 2025
Time: 1:00 to 2:00 PM GMT
By attending, you will gain expert insights from industry leaders, including Veeam and Object First, and understand why cyber resilience is the new imperative. We will demonstrate how modern tools like Veeam v13 and Object First deliver the necessary technical capabilities when integrated into a comprehensive strategy. Most importantly, you will learn why rigorous testing is the difference between having a recovery plan in theory and one that guarantees survival.
The question every business must ask
The technology exists today to achieve genuinely ransomware-proof backup and recovery. Immutable storage, intelligent backup software, and proper architectural design can reduce your recovery time from weeks to hours. The investment required pales in comparison to the £136 million cost of extended downtime suffered by M&S.
At Covenco, we have been helping UK organisations build resilient IT infrastructures since 1989. Our expertise positions us uniquely to help you architect a recovery strategy that works when you need it most.
Don’t wait for ransomware to test your recovery capabilities. Learn from M&S’s experience and build your defences now, while you still have the choice.
Ready to protect your business from costly cyber attacks?
Register for our free webinar on 20 November 2025, or contact Covenco’s data protection specialists at 01753 735 000 or enquiries@covenco.com to discuss your specific requirements.