Following the high-profile Marks & Spencer (M&S) cyberattack, Clear Insurance Management is urging retailers to take immediate steps to protect against rising digital threats.
In the recent M&S breach, only £100 million of cyber insurance was in place, far short of the £300 million in damages incurred, leaving the retail giant significantly underinsured.
With more retailers relying heavily on online operations and third-party platforms, the financial impact of operational downtime from data breaches can be severe and widespread. Yet many businesses still lack adequate—or any—cyber insurance.
Clear Insurance Management urges retailers to assess their cyberattack readiness and ensure thorough risk assessments are conducted. Assessing current protection and forecasting potential incident costs helps businesses make informed decisions about securing sufficient insurance coverage.
David Channing, Senior Cyber and Tech Broker at Clear Insurance Management, remarks: “The M&S cyberattack demonstrates that a well-coordinated cyber event can bring even the most established retailers to a standstill. Smaller retailers, often with fewer resources and less robust security, are even more exposed.Cyber insurance is not just about transferring risk – it’s about ensuring you have access to expertise, support, and financial protection needed to recover and continue trading when the worst happens.”
The M&S breach occurred through a third-party payroll provider via a file transfer tool vulnerability, highlighting a key risk: retailers with strong internal systems remain exposed through their supply chains.
“Supply chain vulnerabilities are a growing concern. As the M&S incident shows, cybercriminals may exploit third-party relationships or internal service desks to gain access and move laterally.
Comprehensive cyber insurance should account for the reality of today’s risks, providing coverage for incidents that originate only within your systems, but also the vulnerabilities of your supply chain.”
Government data shows fewer than 40% of UK businesses have formal cyber risk strategies, though retail remains heavily targeted. Medium and large businesses fare slightly better at 67% and 74%, respectively, but many still lack structured response plans. This gap between threat and preparedness increases the danger of costly breaches and disruption.
“Don’t wait for a crisis to test your defences. Invest in cyber insurance, develop a robust business continuity plan, and let us help safeguard your business. Small, timely changes can significantly boost resilience to cyber threats.”
About Clear Insurance Management
Specialising in tailored insurance solutions is Clear Insurance Management, including cyber liability insurance, upholding high professional and ethical standards. As a Chartered Insurance Broker affiliated with Lloyd’s, they offer expert guidance and specialised products.
