Briefing: High profile attacks represent penetration opportunity for cyber market

The high profile cyber attacks that hit UK supermarkets over Easter weekend (18 to 21 April 2025) have cut through to the mainstream media, with resultant coverage – hopefully – helping to drive home the potential costs of disruption from cyber attacks for UK businesses. 

Marks and Spencer (M&S) was the first retailer to report a cyber incident on 21 April 2025, with Harrods also reporting its own difficulties on 1 May.

Co-op has also been struggling with empty shelves and disruption too, but reportedly made the decision to “pull the plug” on its own systems when it discovered a cyber attack in process in May 2025. It has thus been able to recover more quickly.

M&S, on the other hand, is still not able to accept online orders after hackers stole private customer and employee information – the brand has subsequently seen £700m wiped off its market value. Its suspension on online orders is expected to last until July 2025.

Harrods, as a privately owned company, has not disclosed details of its cyber attack – but its website and payment systems remain widely operational. 

Such visible brands being impacted by cyber attacks has upped the visibility of this type of risk to businesses, presenting the insurance sector with an opportunity to finally drill down into one of its most underpenetrated markets. 

Never waste a good crisis 

The popular perception of a cyber attack is quite Hollywood-ified, with hackers forcing their way into a mainframe via a screen with green numbers scrolling past in a blur. The public generally believe that attacks like this are solely about stealing information, but these recent supermarket incidents show that business disruption is just as possible – and a likely secondary aim for cyber criminals.

The government’s latest Cyber security breaches survey 2025, published 10 April this year, showed that four in 10 businesses reported cyber attacks across 2024 – equivalent to 612,000 firms.

The research additionally showed that, while the prevalence of cyber crime remained largely static year-on-year, ransomware attacks – which are specifically designed to disrupt business operations – are on the rise. The M&S attack, for example, was an example of a ransomware incident.

The challenge for the cyber insurance sector is to convince businesses – particularly SMEs, where penetration of this cover is poorest – that cyber risks are not abstract, but can seriously impact the ability of organisations to keep running as usual.

Speaking to Insurance Times during Biba’s 2025 conference in Manchester on this topic, cyber specialist CFC Underwriting’s distribution director, Patrick Brice, said that the sector should “never waste a good crisis”. 

He explained: “We should never waste an opportunity to talk about cyber attacks, especially when they cut through to the mainstream.

”Cyber risk, as we’ve seen in the past few weeks, can shut down your business in a heartbeat if you haven’t transferred that risk and worked with experts who understand how to proactively mitigate that risk.” 

Many SMEs in the UK report having cyber cover in place as part of a wider insurance policy – 45% of small firms and 47% for medium-sized firms, according to the government’s aforementioned survey – but the vast majority do not have a specific, standalone cyber policy in place.

General policies only kick in to indemnify businesses from cyber attacks for physical losses or tangible assets, whereas specific cyber policies cover risks such as ransomware attacks, data breaches and third party liabilities.

Only 17% of small businesses and 18% of medium businesses have the sort of specific cyber policy that would protect against these risks – showing the extent of the opportunity in this market. 

Good timing

As Sam Franks, Beazley’s country manager for the UK and Ireland, told Insurance Times at the Biba Conference 2025 about cyber cover, “the smaller the client is, the lower the penetration at the moment”.

And, despite the communication advantages of being able to point to high profile attacks in the news, Franks added: ”There’s a risk that headlines about very large organisations perhaps doesn’t necessarily tackle the ‘it will never happen to me’ misconception.

“But, on balance, it is helpful. Smaller clients in supply chains do feel the impacts of these attacks and we had brokers ringing recently to say their clients were suppliers to the Co-op and had been affected because the purchase order system was down.” 

It is not just the supermarket attacks that make this a good time for brokers to press the flesh with SME clients on cyber cover, however. 

As Alistair Clarke, London cyber broking leader at Aon, noted: ”Ransomware remains the number one cause of cyber losses.

”Any businesses, like those in retail, that aggregate data at scale should consider if their coverage is adequate and particularly whether they’re covered for business interruption stemming from cyber events. 

“The market has experienced a prolonged period of rate reductions, making it a good time for existing policyholders to avail themselves of more limit or, of course, those without coverage to buy for the first time.” 

As cyber rate reductions make cover more affordable, policyholders are also benefiting from a softening market, meaning that commercial clients should make savings on their insurance spend. 

Despite the challenge of this period for insurers, Brice identified a silver lining. 

He said: ”The market is softening at the moment, so clients should save money on their insurance programmes. There’s never been a better time to say ’your motor, property and liability insurance are 15% cheaper because the market’s changing, so let’s use that opportunity to buy some additional protection for a fraction of what you’ve saved’.” 

The opportunity to solve a stubborn coverage gap is there – it is now for brokers and insurers to take it.