Cyber Insurance in 2025: What SME Owners Need to Know
In recent months, cyber attacks on well-known brands like Marks & Spencer, Harrods, and the Co-op have grabbed headlines, with M&S alone reportedly suffering losses of over £1 million per day during its breach. While such major brands have the means to bounce back, albeit slowly, the same can’t be said for many SMEs in the UK.
As cyber criminals become bolder and their tactics more sophisticated, now is the time for business owners to take a hard look at their cybersecurity measures to ensure they’re as equipped as possible to defend against the growing threats.
Cyberattacks on the High Street
The Easter weekend saw major disruption for M&S, as a cyberattack took key IT systems offline, crippling contactless payments, click-and-collect services, and supply chains. The fallout includes stock shortages and significant operational delays, with the financial consequences still unfolding weeks later.
Just days later, on 30th April, the Co-op was hit by a similar breach that disabled its back-office systems and call centres. In response, staff were advised not to record meetings or share sensitive information via Microsoft Teams due to security concerns. It was later confirmed that a “significant” amount of customer data had been compromised.
Then, to make matters worse, Harrods became the next high-profile target at the start of May. Although that attack was reportedly thwarted before major damage could unfold, it only added to growing concerns about cyber vulnerabilities across the retail sector.
What Does This Mean for Retail?
The attacks are more than just isolated incidents; they’re a clear warning. If some of the UK’s best-known retailers are vulnerable, no business can afford to be complacent. Online shopping has surged since COVID-19 and shows no signs of slowing anytime soon. This trend, coupled with the steady decline of cash, makes strong cybersecurity more critical than ever.
But this isn’t just about protecting financial or personal data; it’s about protecting customer trust. Every breach chips away at consumer confidence, and the reputational damage can be deep and long-lasting. Cybersecurity is no longer just a concern for banks and government institutions. Retailers must now meet the same high standards because, unfortunately, in today’s digital world, the risks are real, and the stakes are high.
Why is This Happening?
According to Verizon’s Data Breach Investigations Report, more than 10,000 breaches were recorded across 94 countries in 2024. And of these, over 62% were financially motivated and involved tactics like ransomware or extortion.
Why? Well, part of the reason is that these attacks are becoming more targeted, more convincing, and more scalable thanks to AI. Groups like Scattered Spider are using deepfake technology and advanced malware to bypass even seemingly strong defences.
The rise of deepfakes makes it increasingly difficult for employees to tell what’s real. As Chris Burgess, Director of Cyber at Markel International, explains:
“We’re observing malicious actors using this to develop sophisticated social engineering attacks using deepfake technology to dupe innocent employees of firms into sending money to a malicious bank account.”
Government Response
In early April, the UK government held a public consultation on new measures to combat the threat of ransomware. The proposals include:
- A ban on ransomware payments for critical national infrastructure and government bodies.
- A ransomware payment prevention regime that could require private companies to seek government approval before making any ransom payment.
- Stronger rules for reporting cyber incidents to improve awareness and coordination.
The aim of these proposed measures is to make ransomware less profitable for criminals and reduce the pressure on businesses to pay up. However, many business owners are concerned that getting approval before paying a ransom could prolong business interruptions and cause bigger problems during an attack.
Could this harm victims more than it deters attackers? For now, we’ll have to wait and see how these plans play out.
Insurance Implications
Despite the escalating threat landscape, cyber insurance uptake remains lower than expected, particularly among SMEs. One key reason is cost. The surge in ransomware incidents has driven premiums higher, making cover harder for smaller businesses to afford.
Some experts caution that these rising premiums could backfire, potentially making insured companies more appealing targets under the assumption they’re more likely to pay a ransom. Meanwhile, insurers are becoming increasingly selective, tightening policy terms and demanding stronger evidence of cybersecurity measures before offering cover.
What Can SMEs Do?
- Review policies before auto-renewal. Premiums, particularly in retail, are expected to rise. Acting early could help you lock in a better rate.
- Strengthen your cyber defences. Insurers are more likely to provide affordable coverage if you can show you’ve taken cybersecurity seriously.
- Stay informed. Read our guide to the Top 5 Cyber Threats Facing Businesses in 2025 for practical advice.
For tailored support or to discuss your cyber insurance options, get in touch with our team today.
References:
- Maria Ward-Brennan (2025, May 12). M&S, Co-op and Harrods attacks drive demand for cyber insurance. City AM. https://www.cityam.com/ms-co-op-and-harrods-attacks-drive-demand-for-cyber-insurance/
- Eloise Hill (2025, May 13). What do the M&S, Co-op and Harrods cyber attacks mean for UK retailers? Retail Gazette. https://www.retailgazette.co.uk/blog/2025/05/ms-co-op-cyberattacks/
- Verizon (2024). 2024 Data Breach Investigations Report. Verizon Enterprise Solutions. https://www.verizon.com/business/resources/reports/2024-dbir-data-breach-investigations-report.pdf
- Claude Bilbao (2025). Why UK businesses must shift from cyber recovery to cyber resilience in 2025. Cowbell UK. https://www.insurancetimes.co.uk/expert-views/why-uk-businesses-must-shift-from-cyber-recovery-to-cyber-resilience-in-2025-cowbell-uk/1454878.article
- George McDade (2025, May 12). Richard Breavington: Exposure, appetite and uptake – the changing strategy of insurers in the cyber market. https://www.insurancetimes.co.uk/analysis/richard-breavington-exposure-appetite-and-uptake-the-changing-strategy-of-insurers-in-the-cyber-market/1455110.article?adredir=1
- George McDade (2025, April 1). Strengthening resilience first step to closing the cyber risk protection gap. https://www.insurancetimes.co.uk/news/strengthening-resilience-first-step-to-closing-the-cyber-risk-protection-gap/1454809.article
- Harry McNeil (2025, April 3). Higher cyber premiums ‘may incentivise attackers to escalate threats.’ https://www.insurancetimes.co.uk/news/higher-cyber-premiums-may-incentivise-attackers-to-escalate-threats/1454859.article