The Marks & Spencer hack — which might cost the retailer $400 million in profits, erased even more in market cap and could lead to cyber insurance claims of at least $133 million — is just one of three recent hacks of large British retailers. “At some point the increase in frequency and severity — because there are pretty severe attacks — will catch up with the insurance market, and we’ll see a turn [rise in premiums],” Monica Shokrai, head of business risk and insurance at Google Cloud, told Dark Reading, a well-known IT and cyber security news site. Shokrai predicted cyber insurance premiums will climb “relatively” soon. “It’s just how the math works out. We’re watching it really closely,” she said.
Cyber Insurance Premiums Had Been Decreasing
Cyber insurance rates actually decreased by 5% in Q4 of last year, Marsh reported less than a week ago (Fitch recently reported premiums were down 6% in 2024.) Marsh also predicted that due to improving cyber security controls among many insured companies, cyber insurance premiums would likely “remain favorable in 2025, barring unforeseen changes in conditions.” We’ll soon see who’s right about the trajectory of these rates.
Meantime, major IT services provider Tata Consultancy Services (TCS) is investigating whether its failures allowed the attack, public attributed to “human error” by Marks & Spencer. TCS also provides technology services to Co-op, one of the other British retailers recently hacked, although at least one media report says TCS errors are not suspected in that attack.
