"Marks & Spencer: third-party breach chaos
In spring 2025, M&S's contractor was compromised. Online services as well as store deliveries were disrupted for weeks, losses piled into the hundreds of millions, and reputational trust took a beating. Cyber insurance is expected to cover up to £100M of the damage. Lesson? Even giants fall via vendors. the same applies to SMEs with outsourced IT or SaaS dependencies.

United Natural Foods: food supply disruption
US wholesaler UNFI was hit by a cyberattack that disrupted distribution and generated massive operational costs. They expect cyber insurance to soften the financial blow. For SMEs, it's a reminder: you don't need customer data to bleed money. business interruption kills just as fast.

Kering (Gucci/Balenciaga/Alexander McQueen): luxury data breach
Hackers claimed access to luxury client data in June 2025. Even without confirmed financial data loss, the reputational costs, notifications, and legal wrangling are huge. SMEs face the same playbook when customer trust is shaken.

UK retail cluster: ripple effects
After M&S, Co-op, and Harrods all saw incidents, UK boards scrambled mid-term to raise cyber budgets. SMEs should see the pattern: one breach shifts the entire market. Waiting until renewal can leave you under-insured.

Farmers Insurance: supply-chain breach
A vendor (Salesforce-related) exposed millions of records. Big brand, yes. but it's the supply chain exposure that matters. SMEs ride on the same SaaS rails as everyone else; if your SaaS goes down, your business is still accountable.

Macro 2025 data: fewer claims, nastier hits
Industry stats: total cyber claims dipped in 2025, but severity spiked. Translation? Attacks are rarer but harder and more expensive. Insurance is now about resilience to catastrophic events, not "little hacks.""