What: UK retailers face 10% cyber insurance premium increases following major attacks on Marks & Spencer, Harrods, and Co-op, reflecting heightened industry-wide security risks.

Why it is important: The rise in premiums reflects the growing sophistication of cyber threats targeting retailers, forcing the industry to reassess its security investments and risk management strategies.

The UK retail sector faces significant increases in cyber insurance premiums, with rates expected to rise by 10% following recent high-profile attacks. This reverses the previous trend of declining premiums, which had fallen by up to 20% in 2023 and 15% in 2024. The shift comes as major retailers grapple with sophisticated cyber threats, exemplified by attacks on Marks & Spencer, Harrods, and the Co-op. With retailers typically paying £20,000 per £1 million of coverage, the industry faces mounting pressure to enhance security measures. The impact of these attacks extends beyond immediate operational disruptions, potentially resulting in substantial business interruption claims. Tesco's response, incorporating crisis simulations and regular security testing, demonstrates the industry's growing recognition of cybersecurity as a critical operational priority. As retailers balance digital transformation with security vulnerabilities, the insurance market's reaction signals a fundamental shift in how cyber risks are assessed and priced.

IADS Notes: The projected 10% increase in cyber insurance premiums reflects a critical turning point in retail cybersecurity. The recent wave of attacks, including M&S's April 2025 incident that wiped £700 million off their market value, demonstrates the severe financial implications of cyber vulnerabilities. This is further evidenced by April 2025 industry data showing ransomware accounting for 30% of retail security incidents, with average losses reaching £1.4 million per attack. The sophistication of these threats was highlighted when the Scattered Spider hacking group targeted M&S, causing £3.5 million in daily digital sales losses. The Co-op's subsequent data breach, affecting up to 20 million individuals, underscores how third-party vulnerabilities can compromise even robust security systems. These incidents have prompted a fundamental shift in industry approach, moving from prevention-focused strategies to emphasising rapid recovery capabilities, while insurers reassess risk pricing in response to the evolving threat landscape.

UK retailers face 10% rises in premiums after cyber attacks