Treasury Cybersecurity: Lessons From the 2025 M&S Ransomware Attack

Automation in treasury meets Cyber Threats

Digitalization brings automation, reducing manual tasks and leaving more room for advanced human reasoning and analysis. If a pre-automation treasurer saw the simplicity of some tasks with today’s tech, they’d probably throw their 17-tab Excel monster out the window… right before accusing us all of witchcraft.

 What could go wrong, one might ask?

While digital tools have freed treasurers from 17-tab spreadsheets, they also widen the doorway for attackers.

M&S Ransomware’s Treasury Fallout

April 2025’s ransomware hit on Marks & Spencer wasn’t just a retail shutdown; it instantly turned into a treasury emergency, crippling cash-flow visibility even as headlines focused on damaged websites and warehouses.

Why Treasurers Should Care

  • Cash Flow Shock

With online operations suspended for 46 days, revenue inflows dropped sharply. The treasury team had to respond quickly to maintain liquidity, likely needing to re-forecast short-term cash positions every morning.

  • Broken  Banking Pipes and Payment Channels

A ransomware attack leads to isolating systems. This can break critical links between treasury-management systems (TMS), ERP platforms, and bank APIs. This pushes teams to revert to manual payment runs, increasing fraud risk and delaying settlement cycles, especially problematic in cross-border contexts or during FX-hedging execution.

       • FX Blind Spots and Hedging Complications

System lockouts obstruct real-time FX positions, limit access to counterparties, and increase the risk of unhedged exposures during market swings.

      • Rating Pressure & Investor Confidence

Management warned of a £300 million profit hit; agencies immediately flagged the group’s credit metrics.  Treasury must secure backup cash, tap RCFs and reassure investors directly.

A recap of another corporate horror story for the scrapbook is always educational. Now, when the hackers decide you’re tonight’s feature presentation, what’s the escape plan?

Treasury Cyberattack 24-hour Survival Kit

When ransomware strikes, the treasury’s first 24-hour response should look less like city bus timetable (business as usual) and more like an ambulance siren run (all hands emergency).

  1. Flip to offline backup workflows, print critical cash-position reports, and activate pre-approved manual payment protocols.
  2. Tap contingency liquidity, draw on revolving credit facilities or overnight lines before ratings agencies smell blood.
  3. Freeze FX, lock existing hedges and suspend new trades until systems are clean. Because, hey, why keep rearranging the furniture while the house going up in flames?
  4. Join the crisis room, embed a treasury lead in the incident-response squad so cash-flow intel informs every tactical decision.
  5. Communicate early, often, and numerically, daily liquidity dashboards to the CFO, lenders, and investors, reassure stakeholders that, even if the lights are flickering, the cash is still moving.

Treasury Cybersecurity: Digitize but Armor Up

The M&S incident proves that the same technology that can save the day, when not used wisely, can turn into a Trojan horse. The lesson is brutally simple: every API you add must be matched by a contingency plan, every workflow you streamline must have a manual fallback, and every shiny Fintech you bolt on must pass a “Could we run the business for a week without it?” drill.

Moderm treasury leaders must excel at automation and manual fallbacks. Cyberattacks erupt suddenly; survival means moving cash faster than the threat. Patch servers, but also refresh the playbook – so when systems go dark, only the malware stops, not the money.

If you’re ready to make your treasury both digitally agile and bullet-proof against cyber shocks, Pecunia is here to help. Let’s build that resilience together.

Europe’s Place in Global Wealth: What It Really Means for Corporate Treasury  

Ateb Tech Day: Treasury, Tech & a Touch of Robotics

Why Interim Treasurers Cost More Than Permanent Hires

more blogs