Imagine turning to your favorite shopping store—one you rely on for quality, reliability and trust —only to find online error messages and empty shelves. Then add in how you feel, knowing that your personal data may have also been stolen. Frustration quickly escalates into concern and worry; and then loyalty starts to fray.

For thousands of Marks & Spencer (M&S) customers, a recent cyber-attack did exactly this; disrupting supply chains, reducing store footfall, slowing sales growth and reputing to cost the company upwards of $409m (£300 million). It affected customers’ everyday routines, raised serious data concerns, and called into question one of the UK’s major multinational brands.

And M&S was not alone; other well-known companies such as Harrods and Co-op also experienced similar attacks, which disrupted their retail operations.

A Growing Threat

Cyber-attacks are no longer isolated incidents—they’re becoming business as usual. Despite investing in sophisticated firewalls, data protection systems and employing skilled cyber-security teams, recent events have shown that even the best defenses can be breached. What’s particularly striking in the M&S case is how quickly this crisis also affected their high street stores and led to supply chains stalling, and shelves emptying. The ripple effect highlighted how inseparable online and in-store operations have become.

To their credit, M&S responded with a proactive communications campaign to acknowledge the situation and put customers’ needs front and centre. In times like these, transparency and empathy aren’t optional—they’re essential.

Planning for the Inevitable

Facing a cyber-attack is no longer a question of if, but when. Many organizations are already witnessing more frequent attacks, and their preparation needs to be strategic and technical. Critical steps to consider include:

1. Planning Ahead: cyber-attacks must be built into your risk management strategy. Preparing for the expected and unexpected before a crisis hits is a fundamental part of running an organization, and is the only way to stay one-step ahead.
2. Communicating Early: clarity and decisiveness matters. Understand what you need to do internally, let customers and key stakeholders know what’s happening and what you’re doing about it—quickly, honestly and openly.
3. Training Your Spokespeople: Whenever speaking to the media, customers, employees, or supply chain contacts, your spokespeople must be confident, clear, and credible. Poor communication can often do more damage than the attack itself.

What the Experts Say:

The recent cyber incidents have underscored the growing urgency for robust digital defenses. Dr Richard Horne, CEO of the National Cyber Security Centre (NCSC), described the attacks as “a wake-up call to all organizations,” and urging leaders to strengthen their resilience against increasingly sophisticated threats. Echoing this sentiment, Daniel Teacher, CEO of T-Tech, noted: “No cyber-attack is entirely preventable. Businesses should have controls strong enough to minimize the impact.” These statements reflect a broader consensus that whilst absolute prevention may be unrealistic, proactive investment in cyber security protection measures are a business imperative.

How Spoken Word Can Help:

At Spoken Word, we specialize in all manner of crisis communications. Our global team works with clients to craft clear, tailored messaging and prepare spokespeople to deliver them with confidence—even under pressure. We know what it takes to navigate the tough questions and protect your brand when it matters most.

For more information on how we can help your organization with its cyber-attack preparation and on-the-ground support, contact