We know the UK’s eCommerce sector is thriving, but the bigger you are, the more attention you get. Cybercrime is escalating at an alarming rate, and British retailers are increasingly in the firing line. For businesses operating online, cyber insurance is no longer a discretionary expense – it’s critical to doing business online. The cost of being unprepared can be devastating, yet many businesses still haven’t invested in cyber insurance. That might be because they don’t know what it is, or how it can help, so we’re going to take a look at that here.
Cyber attacks are on the rise
In recent months, there have been increasing amounts of cyberattacks on UK businesses, including several that were successful. Government data shows that 43% of UK firms experienced a cyber breach in the past year, with retail among the hardest hit. Attackers exploit complex supply chains and third-party integrations, often deploying “ransomware as a service“ platforms like Dragon Force and Scattered Spider, which have dominated headlines in 2025.
As a retailer, you are a prime target because you process lots of transactions and store sensitive customer data. The rise of omnichannel shopping and loyalty programmes has widened the attack surface, creating more vulnerabilities and making breaches more likely – and more damaging.
The cost of not being prepared has taken quite a significant financial impact on the businesses that have been successfully breached. Marks & Spencer’s ransomware attack wiped £700 million off its market value and caused an estimated £300 million in lost profits, fortunately they had a cyber policy in place which has paid back £100 million.
However, Co-op reported losses exceeding £120 million after hackers disrupted store systems and leaked member data, and they didn’t have cyber insurance in place, although reports suggest they had considered taking out cover.
Beyond direct losses, businesses face regulatory fines under UK GDPR, legal costs, and reputational damage. Studies show 58% of consumers deem breached companies untrustworthy, and 70% abandon brands post-incident. For eCommerce, where trust drives conversion, a high-profile hack can be disastrous.
Beyond the M&S and Co-op attacks, this year has also seen:
- Harrods: Restricted internet access across stores after intrusion attempts, highlighting how even luxury brands are vulnerable.
- Jaguar Land Rover: Though not a retailer, its cyberattack rippled through UK supply chains, costing £50 million per week in lost production.
What does Cyber Insurance do?
Cyber insurance cushions the blow by covering:
- Data breach response: Notifications, credit monitoring, forensic analysis.
- Business interruption: Compensation for lost income during downtime.
- Regulatory compliance: Legal defence and fines under GDPR.
- Reputation management: PR support to restore trust.
Basic steps to protect your business
We would recommend to anyone that relies on computer systems to at least implement multi-factor authentication and backups as a minimum. This will provide a basic level of protection in case of a worst case scenario, and many insurers increasingly demand robust security like multi-factor authentication, encryption, and incident response plans before issuing policies; however we do know insurers that have less strict stipulations regarding their cover that can offer the same protections.
At this point, it’s fair to say that cyber insurance shouldn’t be considered optional. In a world where attacks are frequent, sophisticated, and devastating, it’s better to have cover while things are good to protect you in case things go bad.
If you’d like to discuss cyber insurance, we can signpost you to someone that can help. Just get in touch.
