
Major UK retailers are bracing for double-digit hikes in cyber insurance premiums following a surge in cyberattacks, marking a reversal of a trend toward decreasing rates.
The retail sector, previously benefiting from declining premiums throughout 2023 and early 2024, is now under intensified scrutiny from insurers in light of significant breaches affecting high-profile companies like Marks & Spencer (M&S), Harrods, and the Co-op.
Retailers confront escalating cyber insurance costs
Insurers are reevaluating cyber risk for retail businesses in the wake of a series of intricate attacks. Notably, M&S suffered a major system outage that reportedly cost it more than £40 million in online sales, and it may file substantial business-interruption claims. Concurrently, the Co-op has confirmed a data breach affecting a wide array of customers.
As these incidents unfold, insurers are contemplating potential rate increases of up to 10% for retail clients, with some firms signaling a possible withdrawal from the sector due to mounting risk levels.
Social engineering tactics target IT help desks
Investigative reports indicate that cybercriminals impersonated employees to manipulate IT help desks into resetting passwords, thereby gaining illicit access to internal networks. The UK’s National Cyber Security Centre (NCSC) has recommended that organizations overhaul their help desk protocols to avert similar incidents.
A group known as DragonForce has claimed responsibility for the attacks on M&S, the Co-op, and Harrods, alleging the theft of staff credentials and potentially 20 million customer records.
Government calls for enhanced cyber resilience
The UK has reported a significant uptick in “nationally significant” cyberattacks, with 200 incidents documented since September, double the number recorded during the same timeframe last year. According to the NCSC, 12 of these events were classified as the most severe. Recent high-profile attacks have predominantly been linked to ransomware groups, including Scattered Spider and DragonForce.
In response to these escalating threats, the government is considering policies that would prohibit ransom payments in critical sectors. As the retail landscape navigates these complex challenges, insurers are likely to adapt their premiums to reflect the heightened risk environment.
Organizations are therefore encouraged to fortify their cybersecurity strategies to mitigate potential vulnerabilities and manage insurance costs more effectively.