Marks & Spencer (M&S) has announced the departure of Rachel Higham, its chief digital and technology officer, slightly more than two years after she joined the company. Higham is reportedly stepping down to take a career break. Her resignation follows a significant cyberattack that disrupted M&S services and compromised customer data earlier this year.
Higham assumed her role at M&S in June of 2023. An M&S spokesperson acknowledged her contributions, stating, “Rachel has decided to take a break and is stepping back from her role, having been a valued part of the leadership team. She has been a steady hand and calm head at an extraordinary time for the business, and we wish her well for the future.” The company’s statement highlights Higham’s role during a period of considerable change and challenge.
The announcement of Higham’s departure comes after M&S experienced a disruptive cyberattack in May. The cyberattack forced the retailer to suspend online orders and disable click-and-collect functionalities. The attack also restricted the use of contactless payments within physical stores.
The disruption extended to product availability as M&S took systems offline to contain the breach. M&S confirmed that personally identifiable information was stolen during the cyberattack. The company clarified that payment card details, passwords, and one-time passcodes were not compromised. Despite the data breach, M&S advised customers that no immediate action was required.
M&S did, however, implement a mandatory password reset for customers upon their return to the M&S website. This measure was implemented to enhance account security after the cyberattack incident. Cybersecurity analysts who examined the attack suggested it possessed traits typical of a ransomware attack. M&S, however, declined to confirm whether a ransom was paid to the cybercriminals involved. Archie Norman, chairman of M&S, addressed the issue with lawmakers, stating that discussing such matters would not be in the public interest.
The cyberattack on M&S sparked wider discussion within the retail sector regarding the escalating threat of cybercrime. Camellia Chan, chief executive of AI security company X-PHY, commented on the need for robust cybersecurity measures, explaining, “Prevention must be built in from the ground up. Businesses need a multi-layered approach that combines hardware-level security to detect and block attacks early. This should be combined with an AI-driven threat detection layer that automate detection and enforce policies in real time. With human-error contributing to 95% of data breaches, this removes the burden of constant vigilance from employees and constant resilience testing.“
Following Higham’s departure, M&S has initiated a leadership reshuffle. Sacha Berendji, a veteran executive at M&S, will take on expanded responsibilities, overseeing digital and technology in addition to his existing roles in property and store development. Retail director Thinus Keeve will now report directly to Chief Executive Stuart Machin. Since the beginning of the year, shares in M&S have decreased by more than 8% as the company continues to address the repercussions of the cyberattack.
