UK ransomware attacks will impact cyber pricing, says broker
More focus on cyber incident response and business continuity plans
A string of ransomware attacks against UK retailers could slow or even reverse softening in the cyber insurance market, a broker has told Commercial Risk.
Recent weeks have seen multiple cyberattacks targeting UK companies, including clothing and food retailer Marks & Spencer (M&S), up-market department store Harrods and supermarket chain Co-op. The ransomware attack against M&S proved particularly disruptive, causing the group’s online sales to shut down and disrupting its supply chain during the busy May Bank Holiday trading period.
The high-profile attacks are likely to impact cyber insurance pricing and potentially coverage, which have been softening in recent years, according to London-market focussed insurance and reinsurance broker BMS Group.
“The recent cyberattacks targeted at high-profile retailers in the UK will almost certainly pause, if not reverse, the softening of cyber rates seen through 2023 and 2024,” said Monica Tigleanu, cyber strategy director at BMS Group.
“The attacks are an example of elevated loss frequency and severity for the liability coverages, as well as first-party business interruption – particularly from ransomware campaigns. This will drive underwriters to have more scrutiny on response and recovery risk controls, tighten terms and reintroduce rate increases – or at least stop further declines if the class is to remain profitable – and revisit aggregate limits on large retail programmes,” she said.
The M&S cyberattack may also make insurers revisit underwriting standards that have deteriorated in the soft market, according to Tigleanu.
“In their rush to grow their portfolios and deploy new products and capacity post-2021 when profitability was back, some insurers relaxed technical requirements around controls and asked fewer questions around business interruption exposure, for example understanding if companies conduct business impact analyses to measure or test their business continuity plans,” she said.
“As those accounts incur larger-than-expected claims, underwriters will now reverse those concessions, raising minimum control baselines and insisting on evidence of ongoing risk management such as business impact analyses,” she added.
The M&S cyberattack should serve as a wake-up call, according to Simon West, UK-based director of customer engagement at Resilience Cyber Insurance Solutions, a US-based provider of cyber risk management and insurance solutions.
“This incident underscores the broader vulnerability of UK companies, revealing that even well-prepared organisations face challenges, not just from technical weaknesses but from human factors such as phishing, social engineering, insider errors and third-party risks. The fact that an organisation as reputable and well-funded as M&S can fall victim to such an attack serves as a wake-up call. It shows that no company, regardless of size or investment, is immune, and that cyber threats remain an enterprise-wide risk, not merely an IT issue,” he said.
According to data from broker Marsh, UK ransomware claims fell 31% in 2024, but remained approximately double the totals recorded for 2020, 2021 and 2022. Marsh attributed the decline in UK ransomware claims last year to the increase in law enforcement activity, a fall in the number of organisations opting to pay ransoms and improved cybersecurity measures.
“Ransomware activity typically follows cyclical patterns, with periods of relative quiet punctuated by sharp increases in attacks. These fluctuations are driven by the financial motives of threat actors, who often time their campaigns to exploit peak periods of organisational distraction, such as major holidays. Notably, the recent Bank Holiday exemplifies this trend, with attackers leveraging the reduced staffing and heightened operational demands to maximise impact and ransom potential,” said West.
He believes the M&S attack will shine a spotlight back on organisations’ cybersecurity and business continuity planning.
“High-profile breaches like this one reinforce the importance of robust cyber protection and the role insurance plays in helping businesses recover swiftly from major incidents. As threats evolve, insurers are expected to place greater emphasis on strong risk management and preparedness, encouraging companies to adopt best practices,” he said.
“Although premiums may rise for organisations with weaker controls, cyber insurance remains a crucial safeguard, offering not only financial protection but also valuable support through incident response services, forensic expertise and risk mitigation partnerships. Rather than simply a cost, it should be viewed as an essential part of a company’s broader resilience strategy,” he added.
The M&S incident provides several critical lessons, according to West.
“First and foremost, technical controls alone are insufficient. Resilience must be integrated across the entire organisation, including leadership. Regular testing of incident response plans, employee training and thorough reassessment of third-party risk exposure are essential. Companies should implement multi-factor authentication, monitor for lookalike domains, and educate staff on recognising phishing, smishing, and vishing attacks,” he said.
Tigleanu expects cyber underwriters will pay greater attention to organisations’ cyber incident response plans and business continuity management.
“Going forward, insurers will scrutinise resilience around response and recovery. For example, they may ask for tested continuity plans, or tested incident response plans, both in terms of being updated with the latest scenarios and the scope of those plans. Insurers may also require validation of deployment of advanced controls, even rechecking some of the previously disclosed controls such as MFA in the context of identity access management, EDR/XDR and network segmentation,” she said.
“Furthermore, cybersecurity should no longer be seen as a siloed IT concern, but as a board-level issue with clear accountability. Proactive collaboration with peers and cybersecurity experts will also enhance collective defences,” she added.