Recent cyber incidents, including attacks on M&S, Co-op and Harrods, have made shoppers more wary about sharing personal information with online retailers and has eroded trust when making online payments, the latest research from Checkout.com, reveals.

Cyber attacks shake consumer trust

Original research of 2,000 UK shoppers by the payments services provider revealed that the number of consumers who feel comfortable sharing financial information with online retailers has fallen by -6 percentage points in the last two months.

Now, in May a third (34%) feel comfortable with sharing financial details online with brands, compared to 40% in March, before the recent string of cyber incidents against well-known UK retailers began.

Data in its Digital Economy Trust Report also found that almost three quarters (73%) of UK shoppers said that recent cyber attacks on UK brands had eroded their trust in making payments online.

“Consumers are shaken and without trust the digital economy cannot thrive. It is imperative that businesses, policymakers and technology providers come together to prioritise public confidence and safeguard economic growth.” 

Jenny Hadlow, COO, Checkout.com

“When a British brand like M&S falls victim to a vicious cyber-attack, the retail world gets a wake-up call,” Hadlow added.

“The disruption caused by recent incidents impacting the retail sector are naturally a cause for concern to those businesses affected, their customers and the public,” said Dr Richard Horne, CEO of the NCSC, which is currently investigating the Co-op cyber attack. He added that the recent cyber crime incidents should act a “wake-up call” to retailers to ensure measures and systems were in place to prevent and react to cyber crime.

Long-tail disruption to M&S’ online operations until July

M&S, one of the first UK retailers to be hit in a string of cyber attacks when a hack over the Easter weekend forced it to halt online orders, has said it expects disruption to its online business to last through until July.

In its Full Year Results published this morning, which span the 52 weeks ending 29 March 2025, it posted a third consecutive year of growth in sales, with pre-tax profits up +22% to £875.5million. While it had finished the year in the “best financial health for nearly 30 years,” M&S expects the cyber incident to cost £300million in lost operating profits, before insurance and mitigation.

“Over the last few weeks, we have been managing a highly sophisticated cyber attack, which has led to a limited period of disruption,” Stuart Machin, Chief Executive at M&S, said. “We have tackled this head on with incredible spirit, teamwork and deep sense of responsibility as we prioritised serving our customers.”

While Machin acknowledged it had been a “challenging” period, he also expressed that the cyber incident is “a moment in time” and represents a “bump in the road” for the retailers’ long-term growth plans.

“We are now focused on recovery, with the aim of exiting this period a much stronger business… if anything, the incident allows us to accelerate the pace of change as we draw a line and move on.”

Stuart Machin, CEO, M&S

“Over the last 140 years, M&S has overcome many challenges – testament to the longevity of this brand,” Machin added. “We will come out of this in better shape, and continue our plan to reshape M&S for customers, colleagues and shareholders.”