Recent cyber attacks targeting major UK retailers—M&S, Co-op and Harrods—are expected to fuel demand for cyber insurance and prompt insurers to tighten coverage assessments, industry experts say.
M&S announced on April 22 that it had suffered a cyber attack that forced it to suspend all online orders, a pause still in place. Co-op and Harrods also reported breaches, though on a smaller scale, affecting specific sites.
Holly Waszak, head of cyber claims UK at Marsh, said the cyber insurance market is closely watching the situation. “The cyber insurance market has been taking a keen interest in attacks against the retail sector,” she said. According to Waszak, insurers are “monitoring developments closely.”
Ollie Dent, partner at Kennedys, said these high-profile incidents could renew momentum in the cyber insurance sector. “[The market] has exploded over the past five years,” Dent said. “But it softened in recent months due to an increase in capacity and a slight dip in claims.”
A Marsh report found ransomware claims in 2024 declined 31% from 2023 but still remained more than double those seen in 2020, 2021, and 2022.
Chris Burgess, director of cyber at Markel International, added that growing competition among insurers has driven down pricing. “Cyber insurance pricing has become more competitive over the past 12 months,” he said.
Despite this, the financial toll from the retail attacks is likely to be significant. M&S reportedly lost over £1 million per day during the outage. Yet Alistair Clarke, managing director at Aon, said the incidents are not large enough to shift the overall market. These incidents would not cost enough to move the market, Clarke noted.
Some signs suggest the current soft market may tighten. Sarah Neild, head of cyber retail at Howden, noted trends in the US pointing to potential premium increases. “At least one major carrier suggests that they are looking for 10% increases across a number of classes,” she said.
Clarke said prices rose from 2019 to 2021 but have been falling since. “This won’t last forever,” he said, urging businesses to secure policies while rates remain favourable.
Aaron Le Marquer, partner at Stewarts, highlighted legal uncertainties. “Cyber insurance policy wordings remain relatively ‘new’ and entirely untested in the English courts,” he said.
Experts caution against viewing the issue as retail-specific. “It would be a mistake to think that the current issue is a retail problem; they just happen to be the target this week,” Neild said.
What are your thoughts on the potential impact of these retail cyber attacks on the cyber insurance market? Share your insights below.
