
The importance of proactive cyber risk management in an evolving threat landscape

Claims Manager Rachel Nestor explores the recent surge in cyber attacks on major UK retailers, highlighting the critical need for robust supply chain management and tailored insurance solutions, while considering the implications for business interruption, D&O and Tech PI claims.


By Rachel Nestor

Claims Manager - Management & Transactional Liability, Cyber and TMT


A spring and summer of cyber attacks taking aim at some of Britain’s biggest names in business – The Co-Op, M&S, Jaguar Land Rover (JLR) and Harrods to name a few – has highlighted the impact cyber attacks can have not only on the company targeted, but also on its wider vendor and supply chain.

In recent months there has been a spate of attacks on UK retailers, with The Co-Op recently saying that it has lost over £206m in sales and taken an £80m hit to its profits as a result of its cyber attack in April, where all 6.5m of its members had their data stolen.

JLR was only recently able to fully operate and reopen following its cyber attack in late August. The Cyber Monitoring Centre (CMC) has classed this as a Category 3 (out of 5) event, which is estimated to cost £1.9bn and to be the most economically damaging cyber event in UK history.

In some of these high-profile attacks, the cyber criminals may have targeted the helpdesk to gain credentials to access the systems. This is not a new attack vector, but is one of many methods cyber criminals employ to try to gain access to companies’ systems.

With AI now being used increasingly in cyber attacks – whether that’s to help build the malware, oversee the process such as the negotiations or help produce deep fakes of personnel to gain access to systems – these attacks are likely to continue and to keep evolving.

High-profile targets


The fact that these attacks have targeted such high-profile names in British industry shows that even those with large budgets and extensive security operations can be vulnerable to malicious cyber events.

The attacks highlight the importance of ensuring robust supply and vendor chain management to try to limit the repercussions if a member of the chain suffers a cyber incident.

The 20 October 2025 Amazon Web Services (AWS) outage, while not seemingly caused by a cyber attack, also demonstrates how important this is, with the event having affected over 1,000 companies worldwide.

Companies should consider robust vetting of suppliers and vendors in the chain, including asking questions about their insurance provisions and making sure appropriate contracts with indemnities are in place.

In recent weeks, the UK Government has even suggested companies put together offline contingency plans, with ‘pen and paper’ to ensure they remain inaccessible should the worst happen.


Stock coverage


The scale and regularity of attacks should also generate greater discussion around coverage of perishable stock for retail Insureds within their cyber policies.

In particular, whether or not the loss of stock is considered loss of the Insured’s property (meaning it would be considered a property damage claim, which is not normally covered under a cyber policy) or forms part of a business interruption (BI) claim, such that it could be covered under a cyber policy.

Insureds with perishable stock will benefit from discussing coverage with their brokers, as certain Insurers, including Markel, can on some occasions offer Insureds endorsements to cyber policies to cover perishable stock losses in specific situations.

Increases in Directors & Officers and Technology Professional Indemnity claims?


These large public losses have highlighted the cyber risks that companies face on a day-to-day basis, and how important it is to invest in detailed prevention processes and mitigation plans.

This could lead to an increase in D&O claims against directors following a cyber attack. If a company suffers a cyber attack, directors could be exposed to claims that they should have been aware of the importance of cyber security, investigated and/or enhanced the company’s cyber security and obtained cyber insurance to mitigate this risk.

This could also lead to an increase in the volume and quantum sought in Technology Professional Indemnity claims against IT providers by companies that have suffered a cyber attack, as these companies are concerned they will face D&O claims if they aren’t being seen publicly to be attempting to seek a large recovery from the IT vendors in such circumstances.

Overall, what the threat landscape so far in 2025 has taught us is the importance of businesses’ proactivity in developing both risk management procedures and protection mechanisms, as well as contingency plans, and that we as cyber insurers must continue to evolve our offering at pace to remain ahead of the curve in offering clients the most effective coverage.
