By Maria Ward-Brennan

Copyright cityam

This year, headlines have been dominated by cyber attacks against prominent business names, causing disruptions and financial losses. But many of these businesses lacked a major tool: cyber insurance coverage.

Marks & Spencer dominated the news in April and May after it was hit by a cyber attack, which forced the retail giant to suspend its online ordering capabilities. The suspension of its online orders lasted for over six weeks, resulting in financial losses for M&S.

Around the same time as M&S, the Co-op and Harrods were also hit by attacks.

In July, four people, including three teenagers and a 20-year-old woman, were arrested in connection with a wave of cyber attacks against M&S, the Co-op, and Harrods.

At the time, Xavier Sheikrojan, senior risk intelligence manager at software firm Signifyd, said: “Retailers are prime targets because of the volume of identity and payment data they hold.”

The attacks did not stop. Adidas suffered a data breach in May, and an IT outage at H&M in June resulted in a failure of its payment systems.

Cyber threats grow

The attacks shifted from retail giants to the transportation sector after Jaguar Land Rover was forced to halt production at the start of September due to a cyber attack that disrupted its global IT systems.

Earlier this week, the UK’s largest automaker announced it had extended its production shutdown until at least 1 October, as it was unable to restart operations following the attack.

Then, train operator LNER confirmed in early September that a cyber attack on a third-party supplier had resulted in the exposure of some passenger data.

Just last week, Heathrow and several European airports, including Berlin and Brussels, were targeted in cyber attacks, resulting in travel disruptions at these major airports.

The cost of cyber attacks

The UK’s Cyber Monitoring Centre (CMC) estimated the total cost of the cyber attacks, which crippled major UK retail organisations, could be in the region of £270m to £440m.

The financial consequences for Heathrow Airport and other businesses affected by supply chain or third-party breaches were not disclosed publicly.

Analysts have estimated that Jaguar Land Rover incurred losses of approximately £5m to £7.1m per day in lost output due to a cyber attack.

On Thursday, the Co-op revealed in its H1 results that the ‘malicious’ cyberattack cost the retailer £206m in lost revenue.

M&S warned investors in May that the cyber attack would shave roughly £300m off its annual profit; however, M&S had cyber insurance coverage, which allowed the retailer to make a claim of up to £100m under its policy.

The German insurer Allianz is reportedly the primary carrier on the policy, with specialist Lloyd’s of London insurer Beazley among those exposed to the financial losses.

Harrods and the Co-op were noted in reports as not having cyber insurance, and it was revealed that Jaguar Land Rover did not have cyber insurance after it “failed to finalise” a deal before it was struck by hackers.

Sarah Nield, head of cyber retail at Howden, told City AM, said: “Despite growing awareness, 70 per cent of European companies remain uninsured. Many businesses still underestimate the scale of the threat or lack understanding around the effectiveness of cyber insurance in mitigating impacts.”

“The truth is no business is immune — whether you’re an automaker, retailer, or SME, cyber risk is universal.”

“That’s why resilience planning, supply chain visibility, and the right insurance protection are no longer optional but critical for survival in today’s connected economy,” she added.

The missing piece: Cyber insurance

Following the attacks earlier this year, insurance experts told City AM that these attacks should drive increased demand for cyber insurance, but will also force insurers to ask more questions when offering coverage.

Cyber insurance, which covers cyber attacks, data breaches, and privacy incidents, is not a new type of cover; however, due to its complexities, it was often an expensive additional option.

Due to rising demand, the cyber insurance market has almost tripled in size over the past five years, according to a report by Munich Re earlier this year.

However, while cover is important, it’s not the only piece of the puzzle.

Beazley CEO Adrian Cox told City AM: “While there is no simple solution to this problem, and cyber-attacks are inevitable, it’s time to build a mindset of preparation, not panic. Building resilience that focuses on before, during and after prevention and protection is the only way we can avoid prolonged outages that shatter reputations and cripple finances.

“Whilst no institution is impenetrable, appropriate controls and protections do help, and the quality of response to an attack is as impactful as preventing one in the first place.

“Insurance is an important part of the solution, but it cannot be the only piece.”