Morrisons struggles with sales growth after cyber attack

In the United Kingdom, the supermarket chain Morrisons has faced significant challenges following a cyberattack that occurred in November 2023. As the fifth-largest grocery retailer in the UK, Morrisons has been working on its turnaround since being acquired by the American private equity firm Clayton, Dubilier & Rice in 2021. The attack targeted Blue Yonder, the company responsible for its supply chain management software, leading to serious disruptions in product availability. As a result, Morrisons experienced a notable slowdown in sales growth during the first quarter of 2024, contrasting sharply with the previous quarter's performance. Moreover, the company reported a like-for-like sales growth rate of only 2.1 percent for the three months ending January 26, 2024, a decrease from the more robust 4.9 percent growth in the preceding quarter. Total sales increased to £4 billion during this period, demonstrating that although there was some growth, it was significantly muted by the problems brought on by the cyberattack. The blackouts caused by the attack compelled Morrisons to reduce prices on select products to attract consumers back, although it was evident that this strategy did not prevent a downturn in overall sales. The cyber attack's fallout is not just affecting sales figures; it has intensified the competitive landscape among UK supermarkets. Rivals such as Asda have begun to ramp up price wars, further squeezing Morrisons' ability to recover. The competitive pressures are exacerbating the challenges Morrisons faces during its turnaround phase, thereby extending the consequences of the breach. All these factors contribute to a fraught situation for Morrisons as it navigates increased competition amid ongoing recovery efforts. Loyalty card transactions have shown a new record, with the scheme reaching a remarkable 78 percent participation. This figure, however, does not fully ameliorate the impact of the supply chain disruptions caused by the cyber attack, nor does it alleviate concerns among the management and stakeholders about the potential long-term implications on brand reputation and customer trust. The operational disruptions from the attack signify the critical importance of cybersecurity measures within the retail sector, a cautionary tale that may have ramifications for other companies in the industry as well.