Cyber attacks targeting M&S, Co-op, and Harrods propel interest in cyber insurance policies
Retail giants like M&S, Co-op, and Harrods have recently faced cyber attacks, leading to a potential surge in demand for cyber insurance and pushing insurers to ask tougher questions when providing coverage.
These incidents aren't just headlines; they serve as a wake-up call for the cyber insurance industry. On 22nd April, M&S confirmed being targeted in an attack, forcing them to halt online orders. The Co-op and Harrods experienced similar assaults, albeit on specific sites.
According to Holly Waszak, head of cyber claims UK at Marsh, the cyber insurance market has been keeping a close eye on attacks against the retail sector, especially those like M&S's. And these incidents could stir larger interest in the cyber insurance market.
The market for cyber insurance has been expanding at a rapid pace for the past five years, but it's been softening recently due to an increase in capacity and a decline in claims. However, experts like Ollie Dent, partner at Kennedys, foresee these incidents driving renewed interest in cyber insurance.
In a new Marsh report, it was revealed that, despite a 31% decline in ransomware claims in 2024 compared to 2023, claims still surpassed those recorded in 2020, 2021, and 2022. So while the number of claims is decreasing, it's still above pre-pandemic levels.
These attacks will inevitably result in insurance companies incurring costs when their clients file claims, especially considering M&S's reported loss of over £1m per day during the attack. However, experts like Alistair Clarke, managing director at Aon, stress that these incidents alone might not be enough to significantly impact the market.
Some insiders believe that the current soft market conditions could start to change. Sarah Neild, head of cyber retail at Howden, suggests that at least one major carrier is considering a 10% increase across various classes, signaling a potential turning point in the market.
From a legal perspective, these policies represent relatively new terrain, as Aaron Le Marquer, partner at Stewarts, explains. The legal industry is yet to test these policies extensively, and if a systemic cyber loss simultaneously affects multiple sectors or regions, litigation may be inevitable.
It's crucial to note that M&S isn't the only target. Threat groups linked to the attacks, like Scattered Spider, are known to target hospitality, retail, and casinos. Moreover, we're witnessing advances in AI and technology being used by hacking groups to carries out sophisticated social engineering attacks, such as using deepfake technology to deceive employees into transferring funds to fraudulent accounts.
In essence, the cyber insurance market is evolving in response to the increasing threat of cyber attacks on retail businesses. With both premiums and underwriting criteria likely to tighten, businesses must stay vigilant and adapt their cybersecurity measures to stay protected.
The surge in cyber attacks targeting retail giants, such as M&S, Could foster greater interest in the cyber insurance market. The evolving threat of cyber attacks, coupled with advances in technology and AI, necessitates businesses to enhance their cybersecurity measures and adapt accordingly to stay protected.
