
Hackers Don’t Sleep. Neither Should Your Insurance
By Craig Gawne, Senior Account Executive

In the risk landscape of 2025, cyber underinsurance is emerging as a pressing strategic threat. At MAC Insurance Brokers we see it as a critical blind spot, one that needs reviewing at boardroom level.

Breaches in the UK Spotlight: Real-World Risks, Real-World Costs
Several high-profile UK incidents this year highlight just how dangerous underinsurance can be:

Marks & Spencer (M&S) suffered a ransomware attack over Easter 2025, shutting down online and click-and-collect services. The incident is expected to cost around £300 million in lost profits and wiped more than £1 billion off its market value. Only part of this damage will be covered by insurance (Reuters, 2025).

Co-op was caught in the same wave, with personal data from 6.5 million members exposed, including names, contact details, and membership numbers (Periculo, 2025).

A cyberattack on Inflite, a contractor tied to the Ministry of Defence, compromised data for 3,700 individuals, including Afghan refugees and UK service personnel. While no government systems were breached, the incident triggered urgent calls for stronger vendor oversight (Financial Times & The Guardian, 2025).

What do the numbers tell us about cyber risk?
The UK’s Cyber Security Breaches Survey 2025 shows that among businesses suffering breaches, the average cost is £10,140, rising to £14,360 for medium and large firms (Gov.uk, 2025). While far lower than headline-grabbing cases, these figures underline how even “smaller” incidents can strain resources and disrupt operations.
Meanwhile, the IBM 2025 Cost of a Data Breach Report (UK edition) highlights the role of technology in resilience. Businesses using AI and automation in their security saved on average £600,000, reducing breach costs from £3.78 million to £3.11 million (IBM, 2025).

Why underinsurance is a strategic liability
- Even “partial” coverage can leave organisations exposed to operational disruption, reputational damage, regulatory penalties, and long-tail costs far beyond policy limits.
- Regulators, boards, and rating agencies are increasingly focusing on cyber governance. Any exposure here now signals a lack of organisational resilience.
- The evolving threat landscape – supply chains, AI exploitation, ransomware – demands modern insurance solutions, not outdated cover.

The path forward
At MAC Insurance Brokers, we believe cyber resilience starts with foresight, not just reactive policies:
- Re-evaluate coverage: Does your policy reflect today’s risk profile, including extended business interruption and third-party cyber liabilities?
- Govern AI adoption: Without proper oversight, the rapid embrace of AI can drive higher breach costs.
- Engage proactively: Use insurers who provide forensic, legal, and reputational support, not just financial indemnity.
- Champion governance: Board-level visibility, AI oversight, and crisis simulation are now essential.
Cyber underinsurance isn’t just a headline; it’s a real challenge reshaping UK business resilience. The organisations that survive will be those that align their insurance programmes with the realities of today’s digital risks.

Want to talk it through?
If you’re unsure whether your current cover is fit for today’s risks, our team can provide a complimentary review of your existing policy to help identify gaps and strengthen your cyber resilience.