UK retail cyberattacks help stabilise falling rates, increase wordings scrutiny

By Rebecca Delaney

June 4 - (The Insurer) - The recent spate of cyberattacks on UK retailers may accelerate rate stabilisation for retail clients, Jelmer Andela, global commercial director for cyber at Liberty Specialty Markets (LSM), told Cyber Risk Insurer.

However, Andela said rate increases alone will not be a sufficient corrective measure to combat large business interruption (BI)-driven losses in the cyber insurance market.

He said that it will take a couple of months for insurers to see how losses from the recent incidents compare to expectations.

“We do observe some rate stabilisation, particularly in the U.S., and that is also coming into the UK markets. Potentially all these attacks happening now in the retail sector could accelerate a more stabilising market from a rate perspective,” said Andela.

“It might not be as hard as what we saw in 2019 and 2020, because we know that a lot of customers were frustrated with that. But I think these types of events, and we don't know how many more are to come in the retail sector or whether another threat actor will come into the picture, can accelerate a more stabilising rate environment than we have seen before.”

The retail sector, along with the majority of other industries, has experienced rate decreases over the past two years.

“Rates rose through lockdown and peaked around Q4 2021; however, since 2023, buyers – including retailers – have enjoyed a very favourable rate environment,” said Alistair Clarke, London cyber broking leader at Aon.

He added that following an average rate reduction of 14.5% in 2024, similar declines were observed in the first quarter of 2025.

According to Clarke, retail ranks as the industry with the sixth highest propensity to purchase cyber insurance, notably behind manufacturing (first) and financial institutions (fourth).

He continued that as the market has experienced a prolonged period of rate reductions, it is a ripe time for existing policyholders to avail themselves of more limit, particularly for BI cover.

BI REMAINS MAJOR LOSS DRIVER

The potential for BI losses stemming from cyber events was also discussed by Andela, who argued that higher rates alone are not sufficient to offset this level of loss activity.

“As of today, BI is probably still one of the largest loss drivers for the cyber insurance industry,” he said.

“Whether that will lead straight to higher prices is one thing, but that is not a corrective measure. If you want to offset these large losses with purely pricing, you will need to substantially increase pricing, which will probably not be sufficient to cover them all.”

Beyond pricing, other underwriting measures to combat BI losses suggested by Andela include a re-examination of wordings, particularly insurers’ level of comfort around BI waiting periods.

CYBERSECURITY IN FOCUS

As well as a potential reconsideration of wordings, the recent cyberattacks aimed at UK retailers are likely to draw greater scrutiny on insureds’ incident response capabilities, Andela said.

“It definitely highlights for underwriters to more carefully look at response capabilities, business continuity planning and disaster recovery,” he said.

“I do think the recent attacks are a sign to the market that we should not underestimate the potential exposure. It's not a given that every company with a big name has the right security controls in place or is prepared at the same level when it comes to a cyber incident.”

This will be particularly felt in the retail sector, Andela argued, owing to the potential exposure associated with holding vast amounts of customer data.

“That is definitely something underwriters will monitor more closely, particularly in relation to the retail industry,” he said.

“We need to be realistic with retail firms holding a lot of data from customers, whether it's payment data, customer loyalty cards, or other types of information. From an underwriting standpoint, I would expect that we'll definitely be more focused on cybersecurity maturity levels.”

RETAIL: A NEW TARGET?

Do the recent attacks on Marks and Spencer, the Co-op Group and Harrods signify new lucrative targets for threat actors, or do the household brand headlines serve to underline the tangibility of cyber risks for the retail sector as a whole?

Gabriel Bassett, global head of cyber risk engineering at LSM, argued that the recent incidents demonstrate the ability of threat actors to impact a new industry with existing tactics, rather than signifying a brand new attack method.

“Even though one threat group is the first through the door, different ones will learn from that visibility and will follow. It really highlights that any organisation needs to look at the cyber threats that face other industries and understand how they intersect with that value chain,” said Bassett.

For example, retailers traditionally overlapped with other attack-prone sectors through payment processing.

“We knew that threat actors have targeted the logistics chain successfully in other industries. Now that they have demonstrated the ability to target that portion of the organisational value chain in retail, I think that we will see multiple threat groups continue to follow that approach,” Bassett added.

CHALLENGES FOR SMEs

Shawn Ram, chief revenue officer, insurance at Coalition, argued that the series of high-profile attacks against UK household names masks a deeper issue among SMEs.

According to figures from Coalition’s research team, of the 133 UK companies publicly listed by ransomware groups in 2025 to date, 77% had fewer than 200 employees, up from 61% across 2024.

It found that more businesses with fewer than 10 employees (4%) have been affected in the year to date than those with more than 10,000 employees (1.5%), underlining the intensity of the financial and time demands that a cyberattack can inflict on smaller businesses.

“While major retailers have the resources – and often the cyber insurance – to weather such incidents, most SMEs lack the financial resilience and protection to recover quickly,” said Ram.

“Cyber risk is no longer just an IT issue; it’s a fundamental business continuity threat that businesses must urgently prioritise.”