Cyber-attacks aren’t a dramatic, once‑in‑a‑lifetime set of events. These days they are part of routine operations, and they hit organisations of every size. In 2025 we saw this play out clearly when Jaguar Land Rover, Co‑Op and Marks & Spencer (M&S) all found themselves dealing with serious incidents. It was a blunt reminder that no brand is too established or too well resourced to avoid being caught out.
When something like this happens, the technical response is only half the story. The other half, and often the part that decides whether customers stay calm or start losing trust, is how the company communicates. Clear and honest updates can stop a difficult situation from turning into a reputational mess.
That’s what crisis communications is about: being upfront, cutting through confusion and helping people understand what’s going on without adding to the panic.
In 2025, M&S showed what it looks like when a company takes that responsibility seriously. In this article we review what M&S did well, set out the lessons other organisations can learn from M&S’s response to its cyber-attack, and provide practical, actionable steps for businesses that want to make sure they have the right incident response and communication plans in place should they be attacked.
A Quick Introduction to Crisis Communications
So let’s get started. First of all, what are crisis communications, and why are they so important in an incident response process?
Crisis communications are the structured approach organisations use to communicate during unexpected, high‑pressure events, anything from a data breach to a product recall to a global pandemic. The goal is simple: protect people, protect trust, and protect the business.
Why does it matter so much today?
- Cyber-attacks are increasing in scale and impact. 2025 provided more evidence of the growing notoriety of cyber risk, with attacks deeply affecting economic stability and business continuity.
- Customers expect transparency. Silence or vague statements erode trust faster than the breach itself.
- Regulators are watching. Poor communication can lead to reputational damage and regulatory scrutiny.
- Social media accelerates everything. Misinformation spreads instantly if organisations don’t fill the information vacuum.
Done well, crisis communications can turn a chaotic situation into a moment of leadership. Done poorly, it can turn a technical incident into a reputational disaster.
What Happened: The 2025 Marks & Spencer Cyber Attack
In April 2025, Marks & Spencer disclosed a major cyber-attack that severely disrupted its operations. The incident was identified as a ransomware breach, which forced the retailer to shut down automated ordering and stock systems, leading to empty shelves and significant operational strain.
The impact was substantial:
- Online sales were brought to a standstill
- Food shelves were left bare
- The financial hit was enormous
- Disruption lasted for months
Despite the severity of the incident, M&S managed to maintain customer trust and protect its brand reputation. That wasn’t luck: it came through communication.
How M&S Communicated During the Crisis
While the technical details of the attack were complex, M&S’s communication strategy was refreshingly simple: be honest, be visible, and be human.
They Communicated Early and Openly
M&S didn’t wait for rumours to spread or for customers to notice empty shelves. They disclosed the attack promptly, explaining the nature of the disruption and its expected duration.
This early transparency helped:
- Set expectations
- Reduce speculation
- Demonstrate accountability
- Build trust during uncertainty
In a world where many organisations still try to “keep things quiet,” M&S chose clarity over concealment.
They Provided Regular, Timely Updates
Throughout the incident, M&S issued ongoing updates to investors, customers, and the media. Timely updates prevented:
- Confusion
- Misinformation
- Customer frustration
And importantly, they showed that M&S was in control, even if at times the situation itself wasn’t.
They Used Clear, Accessible Language
M&S avoided technical jargon and focused on what customers needed to know:
- What happened
- How it affected them
- What the company was doing about it
- When things would return to normal
This is especially important in cyber incidents, where overly technical explanations can alienate or confuse audiences.
They Demonstrated Leadership Visibility
M&S’s CEO played a prominent role in communications, offering reassurance and outlining recovery plans. His public statements emphasised both transparency and determination, including the company’s intention to use the disruption as an opportunity to accelerate technology transformation.
Leadership visibility signals:
- Accountability
- Confidence
- Stability
And it reassures customers that the organisation is taking the incident seriously.
They Maintained a Customer‑Centric Tone
Even while dealing with operational chaos, M&S kept the focus on customer experience. Their messaging acknowledged the inconvenience, explained the impact on stock and online services, and reassured customers that restoring normal service was the top priority.
This empathetic tone helped mitigate the psychological impact of the attack, particularly the anxiety customers feel when their favourite retailer experiences a breach.
Lessons Other Businesses Can Learn from M&S
The M&S incident offers valuable lessons for organisations of all sizes, not just retail giants.
Here are the key takeaways.
- Transparency Builds Trust – Customers don’t expect perfection, but they do expect honesty. Being upfront about what happened and what you’re doing to fix it is always better than silence.
- Speed Matters – The first 24–48 hours of a cyber incident are critical. Quick communication prevents rumours and demonstrates control.
- Consistency Is Key – Regular updates, even if the update is “we’re still working on it”, keep stakeholders reassured.
- Leadership Should Be Visible – A calm, confident leader can steady the ship and reinforce trust.
- Empathy Goes a Long Way – Cyber-attacks are stressful for customers too. Acknowledging their concerns helps maintain loyalty.
- Preparation Makes Everything Easier – M&S’s ability to communicate effectively didn’t happen by accident. It happened because they had plans, processes, and trained people.
Cyber‑Focused Advice for Businesses Preparing for Attacks
If the Marks & Spencer incident taught us anything, it’s that crisis communications doesn’t exist in a vacuum. It’s tightly woven into cyber readiness, technical resilience, and the ability to make decisions quickly under pressure. Here’s how organisations can strengthen their cyber posture and their communication capability at the same time.
Build a Real‑World Incident Response Plan
Not a theoretical document. Not a dusty PDF. A plan people can actually use at 2am when the ransomware alarm goes off.
It should include:
- Clear roles and responsibilities
- Playbooks for the most likely attack types
- A rapid approval process for communications
- A single source of truth for updates
A good plan removes panic and replaces it with muscle memory.
Know Your Crown Jewels
You can’t protect everything equally. Identify:
- Your most critical systems
- Your most sensitive data
- Your highest‑risk suppliers
This helps you prioritise both your technical response and your communications when something goes wrong.
Train Your People (Not Just IT)
Cyber incidents are cross‑functional events. Everyone needs to know:
- How to report suspicious activity
- What to say, and what not to say
- How to route media or customer enquiries
- How to avoid spreading unverified information
For example, tabletop exercises are a great way to expose gaps and build confidence. At Cyberfort we recommend that incident response plans are tested on an annual basis as a minimum. The crisis simulation exercises undertaken should provide common attack scenarios tailored to your organisation’s specific sector, so you can see where the communication, process and response gaps are in real time before an incident happens.
Prepare Customer‑Friendly Messaging in Advance
When an incident hits, you won’t have time to wordsmith. Pre‑prepare:
- Holding statements
- FAQs
- Internal updates
- Regulator‑ready notifications
Keep them simple, human, and jargon‑free.
Establish a Crisis Communications “Battle Rhythm”
Decide in advance:
- How often you’ll issue updates
- Who approves messaging
- Which channels you’ll use
- How you’ll coordinate with technical teams
This rhythm keeps everyone aligned and prevents misinformation from filling the silence.
Strengthen Your Technical Foundations
Good crisis communications are easier when your cyber basics are solid. Prioritise:
- Access controls
- Regular patching
- Network segmentation
- Tested offline backups
- Endpoint detection and response
- Supplier risk assessments
- Regular security reviews by a specialist MSSP
These controls reduce the blast radius and the communication chaos.
Build a Culture of Early Reporting
The sooner you know something’s wrong, the sooner you can contain it. Encourage:
- Zero‑blame reporting
- Quick escalation
- Transparency across teams
Culture is one of the most underrated cyber controls.
Final Thoughts – Communicating Through Chaos
Cyber-attacks are stressful, disruptive, and often expensive. But they don’t have to destroy trust. Marks & Spencer’s 2025 cyber incident showed that even in the face of major operational and financial disruption, strong crisis communications can protect a brand’s reputation and maintain customer loyalty.
By being transparent, timely, empathetic, and consistent, M&S turned a difficult situation into an opportunity to demonstrate leadership and resilience.
And the good news? Any business, large or small, can do the same with a bit of preparation.
Crisis communications aren’t about perfection. They’re about being human, being honest, and being ready.
As the saying goes, ‘fail to prepare, prepare to fail’. At Cyberfort we believe ‘now’ is the time for organisations to start making sure they have the right tested incident response plans and crisis communications strategies in place. In today’s threat landscape it’s no longer ‘if’ you will get attacked, it’s ‘when’. Those organisations that dedicate the right amount of time and effort to being prepared against cyber-attacks will find themselves able to be more resilient and bounce back with minimal reputational damage.