Following National Insurance Awareness Day at the end of June and the high-profile Marks & Spencer cyberattack, Clear Insurance Management is urging retailers to take immediate action to protect against escalating digital threats.
In the case of the recent M&S cyber incident, only £100 million of cyber insurance coverage was in place, which was far short of the £300 million in damages incurred, leaving the retail giant significantly underinsured.
As more retailers shift operations online and rely heavily on third-party platforms, the financial impact of operational downtime triggered by incidents compromising personal data can be severe and far-reaching.
Despite this, many businesses still don’t hold adequate cyber insurance…or any at all.
Clear Insurance Management is urging retail companies to assess their ability to respond to cyber attacks and ensure that thorough risk assessments are in place.
By evaluating your level of protection and potential costs of probable or catastrophic incidents, you can make confident decisions and ensure that you have adequate insurance coverage.
David Channing, Senior Cyber and Tech Broker at Clear Insurance Management, provides their thoughts on the subject:
“The M&S cyberattack demonstrates that a well-coordinated cyber event can bring even the most established retailers to a standstill. Smaller retailers, often with fewer resources and less robust security, are even more exposed.
Cyber insurance is not just about transferring risk – it’s about ensuring you have access to expertise, support, and financial protection needed to recover and continue trading when the worst happens.”
In the M&S case, hackers gained access not directly through the retailer but via a third-party payroll provider using a widely adopted file transfer tool that contained a known vulnerability. For retailers, this raises a serious concern – you can have strong internal systems, but still be exposed through your supply chain.
“Supply chain vulnerabilities are a growing concern. As the M&S incident shows, cybercriminals may exploit third-party relationships or internal service desk processes to gain access and move laterally within networks. Even with strong internal controls, retailers remain exposed if their partners and suppliers are not equally vigilant.
Comprehensive cyber insurance should account for the reality of today’s risks, providing coverage for incidents that originate not only within your own systems, but also the vulnerabilities of your supply chain.”
Retailers are uniquely exposed. With a high volume of daily transactions, personal data held on file, and operations heavily dependent on digital infrastructure, even a brief disruption can lead to major financial consequences. From website outages to data leaks, the impact on brand reputation, customer trust, and cash flow can be immediate and long-lasting.
And yet, many businesses still don’t view cyber insurance as a must-have. It’s often seen as an optional extra or something only relevant to tech companies. But in today’s landscape, it’s becoming a core component of business continuity planning.
“Cyber insurance provides more than just financial compensation. It offers access to incident response and crisis management teams, legal and regulatory support, IT forensics, crisis communications, and post-breach remediation.
For retailers, this means having a team of specialists on hand to help restore systems, manage communications, and protect your reputation – critical support that can make all the difference in the aftermath of an attack”
Beyond financial protection, policies frequently come with access to specialists who can guide businesses through the aftermath of a breach. For a retailer facing public scrutiny, media attention, and operational downtime, this support can be just as valuable as the cover itself.
Government data indicates that under 40% of UK businesses have a formal cyber risk strategy, yet retail remains one of the most targeted sectors due to high stakes and slim margins. In fact, among medium and large businesses (where most retailers fall), this rises to 67% and 74%, respectively.
Despite this vulnerability, the majority of companies, especially in retail, lack a structured response plan. The gap between threat and preparedness makes losses from breaches and business interruption a very real and present danger.
Cyber risk isn’t going away. If anything, it’s evolving, and retailers who fail to prepare may end up paying the price.
“Don’t wait for a crisis to test your defences. Invest in cyber insurance, develop a robust business continuity plan, and let us help you safeguard your business for the future. Even small, timely adjustments can make a significant difference in your resilience to cyber threats”.
About Clear Insurance
Clear Insurance Management focuses on providing specialist insurance solutions, including cyber liability, while maintaining the highest professional and ethical standards.
They are a Chartered Insurance Broker, and their affiliation with Lloyd’s further enhances their ability to offer specialised insurance products and guidance.
