M&S Tech Chief Steps Down After Cyberattack Fallout

Rachel Higham leaves her role at Marks & Spencer months after a major cyber incident, prompting leadership changes and renewed focus on digital resilience.

Leadership Change Follows Security Breach

Marks & Spencer has confirmed the departure of Rachel Higham, its Chief Digital and Technology Officer, following a cyberattack that disrupted online operations earlier this year. Higham, who joined the retailer in June 2024, is stepping down to take a career break, according to an official statement. Her exit comes at a time when the company is still managing the financial and operational consequences of the breach. M&S described her contribution as steady and composed during a challenging period for the business.

The cyberattack, which occurred in April, impacted several core services including contactless payments and click-and-collect orders. M&S estimated the incident could reduce its operating profit by £300 million in the 2025/26 financial year. Insurance claims and internal cost controls are expected to offset part of the loss. News of Higham’s departure was first reported by Sky News and later confirmed by the company.

Internal Reshuffle and Strategic Adjustments

Following Higham’s resignation, M&S has initiated a broader reshuffle of its leadership structure. Sacha Berendji, a long-serving executive, will now oversee the digital and technology division alongside his existing responsibilities in property and store development. Thinus Keeve, who joined as retail director in June, will report directly to CEO Stuart Machin instead of Berendji. These changes aim to streamline decision-making and reinforce operational stability amid ongoing recovery efforts.

The company has not yet named a permanent successor for Higham, nor indicated whether the role will be restructured. Analysts suggest that the leadership transition reflects a need to balance continuity with renewed focus on cybersecurity and digital infrastructure. M&S has pledged to strengthen its systems following the breach, which exposed vulnerabilities in third-party software. The reshuffle may also signal a shift toward integrating digital strategy more closely with core retail operations.

Financial Impact and Market Response

M&S shares have declined by 8.5% so far this year, underperforming compared to some retail peers. The cyberattack contributed to investor concerns, particularly around the company’s ability to safeguard customer data and maintain service reliability. Executives remain optimistic that insurance recoveries and improved security protocols will mitigate long-term damage. Despite the setback, M&S has not announced plans to reduce store openings or scale back refurbishment projects.

The breach has prompted scrutiny from regulators, including the UK Information Commissioner’s Office, which is reviewing potential GDPR violations. If penalties are imposed, fines could reach up to 4% of global turnover. Industry observers note that rebuilding trust will be essential for M&S to maintain its digital growth trajectory. As competitors like Next and John Lewis invest heavily in online platforms, M&S faces pressure to reinforce its technological foundations.

Cybersecurity and Retail Vulnerabilities

The attack on M&S was reportedly carried out by a group known as Scattered Spider, which has targeted other major brands in recent months. Experts describe the incident as highly sophisticated, involving exploitation of third-party software flaws to access customer databases. Similar breaches have affected companies across sectors, highlighting the growing threat of ransomware in retail. In response, M&S is exploring hardened cloud infrastructure and zero-trust network protocols to prevent future disruptions.