Cyber criminals targeted several major retailers in a series of attacks during April and May that disrupted services, exposed customer data, and forced companies to rethink their cybersecurity strategies. And in late August, Britain’s biggest carmaker Jaguar Land Rover (JLR) was forced to halt production after its manufacturing and retailing activities were “severely disrupted” by a cyber-incident.
The M&S, Co-op and Harrods attacks
M&S suffered a highly sophisticated ransomware attack over the Easter weekend that disrupted key services, including its click and collect orders and contactless payment systems. It was forced to suspend all online orders and shut down its automated stock management systems, which led to widespread stock shortages in stores.
The reputational and operational fallout was immediate. M&S confirmed that the attackers accessed some customer data – including names, addresses, and order histories – but assured customers that no payment details or passwords were compromised. Chief executive Stuart Machin issued a public apology, stating that every effort was being made to restore services and support affected customers.
Just days after the M&S breach, Co-op also suffered an attempted ransomware attack. Co-op’s IT security team detected the intrusion early and took swift action by taking some systems offline before the ransomware could be fully deployed. As a result, store operations and the website continued running with minimal disruption, but the attackers had already accessed internal systems days earlier and managed to steal customer and employee data.
Harrods was the third UK retailer to report a cyber incident, confirming attempts to gain unauthorised access to its systems. The company’s IT team responded quickly by restricting internet access and shutting down select internal systems as a precaution. Asa result there was minimal impact to Harrods’ stores or online operations.
The JLR incident
The cost to M&S is estimated at £300 million, the Co-op at £100 million and Harrods at £30 million, but the JLR incident was on an altogether greater scale. The cyber-attack forced it to turn off computer systems in the UK, Slovakia, India and Brazil, which then had to be rebuilt in stages.
In the meantime, its factories were closed for over a month, creating chaos for customers, retailers, and suppliers. The cost in lost revenue to the JLR could total more than £2 billion and the interruption of production threatened not just its 30,000 direct employees but the 200,000 people in its supply chain.
Following the announcement of JLR’s attack in September, it was reported that the group of hackers behind M&S, Co-op and Harrods may have also been behind JLR’s incident. The gang made the claims on a Telegram channel called Scattered Lapsus$ Hunters, which is a combination of three English language speaking, hacking groups known as Scattered Spider, Lapsus$ and ShinyHunters.
M&S said it expected that the estimated £300 million bill it was facing from the disruption would be largely offset by the cyber insurance cover it had taken out. However, according to The Insurer, three insurance sector sources had confirmed that JLR had “failed to finalise” a cyber insurance deal before it was struck and may face footing the bill for the hacking by itself.
What could Cyber Insurance have done?
Cyber insurance is now an essential part of any business’s security. It helps you to cover the costs of a cyber-attack and improve cybersecurity, by helping to detect issues early, prevent cyber-attacks from happening and respond and recover if the worst happens.
Most cyber insurance policies will cover the first-party and third-party financial and reputational costs if data or electronic systems have been lost, damaged, stolen or corrupted.
First-party cover generally includes the cost of:
- Expert cybercrime investigation
- Data recovery
- Systems restoration
- Reputation management
- Extortion payments
- Legal guidance
- Notification costs if you are required to notify third parties.
Some cyber insurance policies also offer cyber business interruption insurance, which may provide financial support for income loss, as well as cover for system repair and data recovery, costs for customer notification, credit monitoring and other regulatory obligations.
Third-party coverages offer protection from claims made against you, including paying damages and settlements, and the cost of legally defending yourself against claims of a data breach. This might include an investigation launched against your business by a regulator or government authority.
Could this happen to you?
If your business uses, sends or stores electronic data, you may benefit from cyber insurance. Whether that data belongs to the business or is sensitive customer information, it is vulnerable to cyber-attacks from malware, ransomware or hacking.
Certain sectors are more vulnerable to cybercrime and will therefore require a higher level of coverage. Companies that hold large numbers of personal records, such as in finance or healthcare, are at greater risk. And small and medium size businesses are more frequently targeted than major brands, due to limited cybersecurity defences.
If your business uses or relies on any of these, you’re potentially vulnerable:
- A customer database or Customer Relationship Management (CRM) system.
- Cloud-based tools (e.g. Google Workspace, Microsoft 365).
- Online payments.
- Remote teams or hybrid working environments.
- Company email accounts.
- Online booking or e-commerce systems.
- Suppliers with digital access to your systems.
By putting the right processes in place, you can safeguard your small business. Fortunately, there are some simple ways to improve your cyber security, stay protected and prevent cyber-attacks:
How to prevent or mitigate cyber-attacks
Fortunately, there are effective and affordable ways to reduce your organisation’s exposure to the more common types of cyber-attack.
- Education and awareness – provide staff with regular training in cyber security principles, such as locking their computers, regularly changing passwords, and not opening suspicious files or links. Staff should understand their role in keeping your organisation secure and report any unusual activity.
- Boundary firewalls and internet gateways – establish network perimeter defences, particularly web proxy, web filtering, content checking and firewall policies to detect and block executable downloads, block access to known malicious domains and prevent users’ computers from communicating directly with the Internet.
- Control access data –restrict the functionality of every device, operating system and application to the minimum needed for business to function, ensure that an appropriate password policy is in place and followed, and limit normal users’ execution permissions and enforce the principle of least privilege.
- Antivirus software – install and regularly update antivirus and antispyware software, use firewalls for your internet connection, secure Wi-Fi networks with passwords, and keep the software for your operating systems and applications updated.
- Security incident management – put plans in place to deal with an attack as an effective response will reduce the impact on your business.
How Sovereign Insurance Services can help
Cybercrime has the potential to cause operational, financial and reputational damage to businesses of any size, from a sole trader to a multinational.
Securing cyber insurance coverage for your business is like having insurance against physical risks and natural disasters. Cyber insurance provides a crucial safety net, offering financial protection and priority access to cyber incident response experts in times of crisis.
It is essential that your cyber insurance policy aligns and enhances the security measures and technologies that you have already put in place. Sovereign provides cyber insurance tailored for businesses of all sizes. We help clients assess their risks, choose the right level of cover, and respond effectively in the event of a breach.
For more details contact Jade Hazleton Drake at jh*******@************up.com