Marks & Spencer CTO Steps Down Following Major Cyberattack

London – January 20, 2026 — Marks & Spencer (M&S), one of the United Kingdom’s oldest and best-known retailers, has announced that its Chief Technology Officer (CTO), Josie Smith, has left the company. Her departure comes less than a year after a severe cyberattack struck the business and disrupted key online operations, costing the company an estimated £300 million in lost profits.

Leadership Change at a Critical Moment

In a brief statement, M&S confirmed that Josie Smith has decided to step down from her role as CTO. The company expressed its gratitude for her contributions and wished her success in the future. Smith had been responsible for overseeing the technology systems that support M&S’s retail operations, including its growing online platform.

Smith’s exit comes just months after another senior technology leader, Rachel Higham, left her role as Chief Digital and Technology Officer in late 2025. Smith reported to Higham prior to her departure, highlighting a period of significant turnover among the company’s technology leadership.

The Cyberattack That Shook M&S

In April 2025, M&S suffered a major cyberattack that severely disrupted its online systems — particularly its ability to process orders through its website. The breach forced the retailer to take down parts of its online infrastructure while security teams worked to contain and investigate the incident.

The attack had broad consequences, including:

• Significant loss of online sales as systems were taken offline.
• A substantial financial impact, with an estimated £300 million (about $404 million) in profit lost due to interruptions in service.
• Additional costs related to restoring systems and strengthening cybersecurity defenses.

Industry analysts described the attack as one of the most disruptive incidents M&S has faced in modern times, underscoring growing threats to the retail sector from cybercrime.

Impact on Business Performance

In its most recent financial update, M&S reported strong demand for its food products during the Christmas period. However, sales in fashion, home, and beauty categories were weaker, a trend the company partly attributed to the lingering effects of the cyberattack. Disruptions to online shopping and customer confidence in digital services were cited as factors behind reduced spending in non-food segments.

The attack’s impact on online operations was far-reaching, with some services remaining slower or less reliable than before the incident. This affected how customers interact with the brand, particularly in a retail environment that increasingly relies on e-commerce.

Industry Context: Cybersecurity Risks in Retail

Large retail companies like M&S are frequent targets of cyberattacks due to the volume of customer data they hold and their reliance on digital systems for sales and logistics. Cybersecurity experts have noted that high-profile attacks on major retailers can lead to significant financial losses, reputational damage, and executive turnover as companies reassess their digital defenses.

While M&S has not publicly named those responsible for the April 2025 breach, it has emphasized its commitment to strengthening security measures and working with experts to prevent similar incidents in the future.

What Comes Next for M&S

M&S has not yet announced a successor to Josie Smith as CTO. In the interim, other executives within the technology division are expected to manage key responsibilities as the company navigates the post-attack recovery phase. The period ahead will likely focus on:

• Restoring customer trust in digital services.
• Investing in advanced cybersecurity infrastructure.
• Maintaining momentum in its food and store-based sales.

Executives have reiterated that the company’s long-term strategy remains unchanged, and that M&S is committed to delivering quality products and services across both online and physical retail channels.

Industry Reaction

Market analysts and security specialists have commented on the broader implications of the leadership changes at M&S. Many have highlighted the need for robust leadership in technology roles, especially in sectors where digital and physical retail intersect. The events at M&S serve as a reminder that businesses must continually adapt to evolving cyber threats to protect their operations and customers.

Conclusion

Marks & Spencer’s announcement marks a significant moment for the retailer. The departure of Josie Smith as CTO — coming less than a year after a disruptive cyberattack — underscores the challenges facing companies as they manage digital risks, maintain customer trust, and navigate leadership transitions. As the company moves forward, focus will remain on recovery, technology resilience, and sustainable business performance.

#MarksAndSpencer #Cyberattack #TechnologyLeadership #RetailNews #SlimScan #GrowthStocks #CANSLIM