M&S insurance payout to be worth up to £100m after cyber attack

The M&S insurance pay out following its cyber attack could be worth up to £100mn, people familiar with the matter told the Financial Times.

The food and fashion specialist is preparing to file an insurance claim after confirming that personal customer data was stolen as part of the ongoing attack yesterday (13 May).

The retailer assured customers that the stolen data did not include payment details, card information, or account passwords, and there was no evidence that the data has been shared.

The supermarket’s cyber policy enables it to claim for up to £100m for breaches and includes first-party and third-party losses, sources familiar to the situation said.

They noted that financial services firm Allianz would be the first insurer in line to pay for its losses, and was expected to at least cover the first £10m. They added that insurance firm Beazley was also exposed to its losses.

M&S, Allianz and Beazley declined to comment on the matter.

M&S could have lost sales to date worth over £60mn, based off extrapolation of its average online daily online revenues.

The retailer’s cyber insurance cover, arranged by WTW, is thought to pay out in full, according to a senior market participant, even if the breach was related to a vulnerability with one of M&S’s third-party vendors. WTW declined to comment.

Sources familiar with the matter explained that the business’s annual insurance premium, which currently sits below £5mn, could as much as double once the policy is renewed if M&S does not show insurers that it has improved its risk management practices.

Click here to sign up to Retail Gazette‘s free daily email newsletter