Companies Under Siege: Co-op and Harrods Reportedly Lacked Proper Cybersecurity Insurance Coverage
Major UK retailers Harrods and the Co-op found themselves embroiled in cyberattacks last month, leaving them potentially liable for any losses incurred since neither had cyber insurance coverage.
Insurance Insider revealed that unlike Marks & Spencer (M&S), neither the iconic department store nor the Co-op had cyber insurance, which could compromise their financial positions, given the breaches.
End-April saw Harrods and the Co-op join the list of significant UK household names that suffered such attacks. On April 30th, the Co-op halted parts of its IT systems and suspended contactless payments at approximately 10 per cent of its stores after detecting a potential infiltration. Harrods confirmed two days later that "unauthorized access" attempts were identified on its systems.
The Co-op restored all payment operations by May 14th following the attack. Meanwhile, M&S suspended online purchases on April 22nd, and they remain unavailable. Early this week, M&S informed investors that the attack would reduce its earnings by £300 million this year.
However, M&S is reportedly preparing to claim up to £100 million from its cyber insurance policy. Insurance Insider reported that M&S had a cyber insurance policy arranged by WTW with a coverage limit of £100 million, with German insurer Allianz as the primary carrier for the first £10 million, and Lloyd's insurer Beazley named among those exposed to the financial losses.
Experts told City AM that recent retail sector attacks might spur increased demand for cyber insurance while forcing insurers to ask more questions when offering coverage.
Law firm Kennedys' partner Ollie Dent commented that the cyber insurance market had been expanding rapidly over the past five years but softened recently due to increased capacity and a slight increase in claims. According to insurer broker Marsh, UK cyber claims decreased by 20 per cent in 2024 compared to 2023 but remained approximately one-third higher than in 2020, 2021, and 2022.
Harrods and the Co-op were contacted for comment.
The recent attacks on Harrods and the Co-op underscore the importance of robust cybersecurity measures. Without cyber insurance, companies have to bear the entire financial burden of cyberattacks, which might lead to significant financial implications, operational disruptions, regulatory compliance issues, and long-term damage to their reputation and customer trust.
The absence of cyber insurance at Harrods and the Co-op, as opposed to the insurance held by Marks & Spencer (M&S), could potentially expose them to substantial financial risks due to the recent attacks. The escalating demand for cyber insurance in the retail sector, driven by recurring attacks, may compel insurers to scrutinize coverage more carefully.
