A quiet attack was launched against Marks & Spencer (M&S) during Easter weekend while people were busy with chocolate bunnies and family brunches. A major cyberattack resulted in M&S halting all online and mobile app sales. Surprisingly, investigators found no evidence of the app being compromised. Yet it still went dark.

The move highlights a critical dilemma in cybersecurity today. In moments of cybersecurity uncertainty, when threats are unknown, you can end up shutting down everything. Your website and app, which interact directly with customers, often incur the greatest losses during security incidents.

  1. The app wasn't hacked—but it still had to go dark

M&S decided to suspend the app because hackers attacked their systems, even though the app itself apparently remained uncompromised. The app went offline because, during a cyber crisis, it became impossible to quickly determine which systems remained uncontaminated.

When ransomware or backend breaches hit, every connected service becomes suspect. The cyberattack compromised various systems, including authentication servers, payment processing services, and inventory management APIs, together with various databases. The M&S app became collateral damage due to the uncertainty surrounding the cyber crisis. While the app was not responsible for the breach, it became collateral damage nonetheless.

It’s a classic cybersecurity paradox: the app’s technical security didn’t prevent potential unknown connections to insecure systems.

When confronted with this uncertain situation, M&S followed the common approach of most companies in 2025 by temporarily shutting down much of its operations. After all, it’s better to err on the side of caution than to regret it later, even though it incurs substantial expenses.

  1. Your app is tied to your bottom line

For M&S, the financial bleeding started instantly. Sales from UK clothing and home goods amounting to an estimated £1.26 billion make up about one-third of their total revenue through online platforms. The mobile app drives many of those transactions.

Offline periods caused more than technical issues since they can lead to financial losses and disrupted customer relationships through abandoned purchases and canceled transactions.

And from a customer’s perspective? Customers show no concern about whether the security breach happened in the warehouse database or the server room. They only see this: the app isn’t working. The brand let me down. 

The damage goes beyond pounds and pence. Companies like M&S take decades to establish trust equity but risk losing it (or at least creating significant disappointment) in just moments.

  1. Modern security could have kept the app running

Today’s innovative mobile app defenses can give companies such as M&S additional options instead of shutting down an app completely. Today’s app protection tools can deliver:

  • Real-time threat detection: Protect your app by detecting device rooting and other dangerous activities as they occur.
  • Runtime visibility: Observe real-time activities within the app environment regardless of device security status.
  • API protection and anomaly detection: Implement security measures to oversee data transactions between the app and backend servers.
  • Dynamic quarantine and response: Protect the app for legitimate users by segregating suspicious sessions from the rest of the application.

A built-in real-time security system can enable organizations to make decisions based on actual data instead of reacting out of fear. By harnessing real-time security monitoring, they can identify dangerous areas while preserving secure sections of their digital platform—relying on segmented and shielded operations to maintain system functionality rather than using the master kill switch.

  1. The risk of 'security by blackout'

The “blackout” approach feels safe. The blackout approach proves to be a crude and costly method that lacks sophistication. This approach considers apps as hidden parts of backend systems, yet apps serve as primary assets that require advanced protective measures.

Operating in the dark becomes inevitable when app security is handled as a black box. By deploying real-time visibility alongside intelligent controls, you achieve clear and confident movement through crisis events.

Security today shouldn’t be reactive guesswork. It should be:

  • Measurable: Know what’s happening inside your app.
  • Visible: Identify threats the moment they start to develop instead of waiting until they cause harm.
  • Actionable: Maintain your customer experience intact while responding to threats with fast and accurate action.

Surviving contemporary cyberattacks requires businesses to keep moving instead of hitting the pause button. Businesses that survive modern cyberattacks maintain their operations because they understand their exact situation.

Will your app go dark—or stay resilient?

This recent incident extends beyond being a mere cyberattack alert. This event demonstrates what happens when organizations lack essential knowledge that’s only obtainable through live telemetry alongside runtime protection and app-centric defenses.

When a future crisis emerges, will uncertainty result in your app becoming a casualty? Will your app serve as a reliable resource that customers can trust?

The old method of security through denial of service no longer meets modern business requirements. The future of app security will center around solutions that are smart in their operation and visible and measurable in their effectiveness.