M&S Crisis? It's trust not IT.

It's been striking to watch Marks and Spencer (known as M&S) deal with their current crisis - hit by a cyber security incident that crippled it's payment systems, at one of the biggest weekends in the year for retail, Easter.

The high street brand must have had a rehearsed incident (crisis) management plan for such an event, particularly following Morrison's, Barclays and Lloyds similar IT outages, but even so they have faced criticism. Irritated customers have vented on social media since Saturday 19 April. The media coverage could have been considerably worse had the news pages and broadcasters not been busy covering the death of a well respected Pope. This IT incident presents a real risk to the brand's trust ratings.

The retailer's Chief Executive, Stuart Machin, wrote to customers on Tuesday 22 April 2025 and (separately) notified the investment community when the LSE reopened after the Easter break to tell people what had happened. Arguably the most telling point in a bland email to customers was: 'I know how much our customers trust M&S and that trust is incredibly precious to us.'

You bet it is!

Without trust the M&S brand will be completely undermined. Just consider it's advertising strategy for food, first started in 2004. Straplines like 'This is not just salmon, this is M&S salmon' only work if there is trust in the brand. So while an incident management plan can cover the steps needed to manage an IT outage, the real heavy lifting will happen over the weeks and months to follow by Communications professionals. Their focus will be restoring any damage to M&S's reputation, consumers' perceptions and rebuilding trust.