Cyber insurance lessons from Marks & Spencer, Co-op, and Harrods
By Alan Boswell Group

In this article
In the wake of a recent rise in high-profile cyber attacks, the need for cyber insurance has never been more important. Over recent months, major UK retailers including M&S, Co-op, and Harrods have all fallen victim to increasingly sophisticated cyber attacks.
Recent cyber attacks
One of the most highly publicised cases this year was the cyber attack on Marks & Spencer over the Easter period, which triggered disruption across its operations and continues to do so months later. M&S was forced to suspend its online clothing business and faced significant supply chain disruption to its food stores, which resulted in nearly £750 million wiped off its market value.
Crucially, the company revealed that the breach, which also involved the theft of customer data, was not the result of technical failure, but human error. This highlights that even the most sophisticated IT and cyber security systems can’t fully eliminate risk. People remain the weakest link in cyber resilience, and without a comprehensive risk management strategy (with a focus on staff training/awareness) and cyber insurance, businesses leave themselves exposed.
The financial repercussions of cyber incidents can be severe. M&S has estimated a £300 million hit to profits and disruption to continue through to July. They may also be liable for fines for data loss, the cost of litigation and cyber security improvements, and the need to reduce costs in the future to offset the impact on profits. The company is working to mitigate the damage through “management of costs, insurance and other trading actions”. Fortunately for M&S, they have cyber insurance on which they can claim up to £100m, but that still leaves them with a large hit to their bottom line and reputation after what had been a year of strong performance for the brand.
Marks & Spencer is not alone. In the same period, Co-op and Harrods were also targeted by cyber criminals, in attacks that similarly disrupted operations and exposed sensitive data. While each incident differed in nature, a clear trend is emerging: attackers are becoming more strategic, opportunistic, and sophisticated. The National Cyber Security Centre has warned that it expects the use of AI in cyber attacks to be likely to equate to an increase in frequency and severity of cyber threats over the next two years.
It's not just the tech infrastructure at risk, but brand reputation, customer trust, and operational continuity.
How can cyber insurance help?
As well as covering financial losses, a well-structured cyber insurance policy provides access to expert breach response teams, legal counsel, public relations support, and business continuity planning. These resources can be the difference between a swift recovery and long-term damage.
Considering recent events, some insurance industry analysts expect cyber insurance premiums to rise in 2026 and insurers to impose stricter controls on the insured, as underwriters reassess the frequency and severity of claims. However, at present, cyber insurers are offering lower premiums than in 2024, so now is an ideal opportunity for businesses to review their protection against unwanted cyber attacks.
The lessons from M&S, Co-op, and Harrods are clear; cyber security, risk management and training are critical in defending against cyber attacks. However, it's equally important to recognise that you cannot totally eliminate the human factor. This is where cyber insurance steps in to protect the long-term viability of your business, where reputational damage can be significant.
Need help with your insurance?
To find out more about cyber insurance for your business, get in touch with our expert team.