Marks & Spencer’s chief technology officer, Josie Smith, is leaving the retailer less than a year after a major cyber attack severely disrupted its operations, according to Sky News.
Smith, who joined M&S around 18 months ago, is stepping down nine months after the cyber incident that forced the retailer to suspend its online sales for several weeks. Her departure was communicated internally this week in a memo stating that she had “decided to leave” the business.
Leadership Changes Continue After Cyber Disruption
Smith’s exit marks the latest senior technology leadership change at M&S following last year’s attack. She will be replaced by Darren Gibson, currently the company’s fashion, home and beauty technology transformation director.
The move comes just four months after Rachel Higham, M&S’s chief digital and technology officer, also left the retailer — signalling continued upheaval at the top of its technology function.
Before joining M&S, Smith held senior roles at BT Group and Vodafone, bringing extensive telecoms and technology experience to the retailer.
Last Year’s Attack Still Casting a Long Shadow
The cyber attack, which occurred in April 2025, was attributed to a hacking group known as Scattered Spider. It brought M&S’s online operations to a standstill for weeks and is estimated to have cost the company hundreds of millions of pounds.
The incident highlighted how vulnerable even large, established UK retailers have become to cyber disruption, particularly as digital sales channels play an increasingly central role in their business models.
Ongoing Pressure on Retail Cybersecurity
Smith’s departure underscores the long-term impact major cyber incidents can have on organisations — not just operationally and financially, but also at leadership level. As retailers continue to invest heavily in digital infrastructure, cybersecurity remains a critical risk area, with attacks capable of triggering prolonged disruption and strategic fallout.
M&S has not commented publicly on Smith’s departure.
thetechtrident.com 