Since 2025, the UK has continued to experience a tidal wave of cyberattacks, and recent high-profile examples affecting well-known retailers including Marks & Spencer, Co-op and Harrods have made it undeniably clear that Britain’s digital threat landscape is still alive and kicking.
Although the number of reported breaches has taken a slight dip in certain industries, the level of sophistication and financial fallout of these attacks continues to escalate, requiring companies to promptly re-evaluate their strategies and, most importantly, their cyber insurance limits.
According to figures from the government, 43% of UK businesses suffered a cyber breach or attack in the past year. “Our data makes it clear that no-size-fits-all security guidance is ever going to work when it comes to organizations and phishing threats,” says Tim Sadler, CEO of Tessian.
“Micro and small businesses are seeing the number of scams shrink, but medium and large businesses are being targeted more than ever before, and the bigger you are, the more frequently your employees are likely to be hit.” Phishing remains the top method for breaches at 85%, and cybercriminals are using AI to concoct more convincing scams.
The impact on businesses is dire. Aside from the inconvenience of operations being temporarily interrupted with access to files and networks unavailable, the financial implications can be devastating. The typical price tag of a disruptive breach for businesses is £3,550, although the cost of more serious breaches can skyrocket. M&S, for example, was said to be facing potential losses of £300m from a recent attack, some of which may be mitigated by cyber insurance.
The increasing cyber threats underline that, now more than ever, companies need to improve their security posture and re-assess the adequacy of their cyber insurance coverage.
A lot of companies, especially small and medium companies, tend to believe that they are too small to become targets, yet 43% of all cyber attacks actually target small enterprises. Cyber insurance can be a crucial lifesaver: it covers expenses associated with data recovery, defense of legal claims, notification of customers, public relations, and even business interruption.
But the effectiveness of that safety net depends on good coverage. Since the average cost of attacks is increasing and new advanced threats are proliferating, organizations need to make sure that their current policy limits are in line with the financial damage they could expect to suffer. Carriers are keeping an eye on these trends, and while there is still competitive pricing, the market may start to harden.
Outside of insurance, businesses should focus on good cyber hygiene. That means regular risk assessments, holistic cybersecurity policies, strong technical controls such as multi-factor authentication and solid backup procedures, and ongoing employee training to help them resist social engineering.
In the end, a proactive cybersecurity stance and adequate insurance limits are no longer optional; in a world of digital volatility, they are necessary to help the business survive.