If you’ve noticed a huge surge in cyber-attacks recently, you wouldn’t be alone. One third of adults have seen hacking incidents increase in 2025.
Now, official data from the Cyber Breaches Survey estimates that online hacks occur in the UK at a rate of one per minute.
And while there’s more public awareness around the importance of cyber-resilience and understanding how to protect your customers’ data online, some businesses may find themselves threatened more often than others.
Including managed service providers (MSPs), 69% of which, according to one survey, are hit by cyber breaches multiple times a year.
What are some well-known cyber-attacks on MSPs?
Some recent high-profile attacks on MSPs have seen them and their clients subject to weeks of disruption...
Earlier this year, hackers successfully targeted M&S’s online systems. They allegedly achieved this by breaching Tata Consultancy Services (TCS) – the MSP in charge of running the retail giant’s IT services.
The attack saw M&S hit pause on its online sales and take an estimated £300m hit on its profit. Customer data was also stolen – including phone numbers and addresses – threatening the well-known retail giant with reputational as well as financial damage.
Months later, customer data belonging to another one of TCS’s clients, The Co-op, was stolen. While ransomware cybercriminals attempted to extort the company, deliveries were forcibly shut down, leading to empty shelves in Co-op’s supermarkets.
Then, in September 2025, a ransomware attack on the tech solutions company Collins Aerospace hijacked critical data and online systems, shutting down online check-in at major European airports (including London’s Heathrow) and causing wide-spread travel disruption.
Why are MSPs such an attractive target for cybercriminals?
MSPs manage the data and IT services for all kinds of vital businesses, from airports and logistics companies, to food and clothing retailers.
Unfortunately, nefarious hackers know that successfully breaching an MSP allows them to move around inside their systems, sneakily installing malware and exploiting any software vulnerabilities.
By accessing an MSP’s VPN and remote tools, they can then seize their clients’ personal data, shutting down multiple business operations and attempting to extract huge ransoms from them in the process.
How can MSPs protect themselves from cybercriminals?
Despite these high-profile attacks, only 45% of all UK businesses admit to being insured against cybersecurity risks.
What’s more, a recent survey of MSPs found that almost half (47%) experienced three or more online breaches in the space of a year.
Another worrying trend is that, with the help of increasingly sophisticated AI technology, even amateur hackers can now churn out fully-automated social engineering attacks on MSPs.
More often than not, these are phishing attacks from cybercrims posing as clients or partners, using fraudulent emails and deepfakes to convince employees to click on links from where they can launch malware and ransomware attacks.
Continuous monitoring is therefore essential. As well as regular in-house staff training – especially given that human error apparently accounts for 88% of all data breaches (plus, we all know prevention is better than cure).
The next step is a cyber insurance policy that can offer practical help in a crisis and really take you to the top of your cybersecurity game. We’ll explain how…
How does cyber insurance protect MSPs?
Imagine a cybercriminal has breached your defences, accessed your systems and is wreaking merry havoc on your clients’ data by launching ransomware attacks left, right and centre.
You could have several angry clients coming at you at once, demanding an explanation. Plus, your own stalled systems to sort out in the meantime.
The great value of a cyber insurance policy is that, when called on, it immediately takes the necessary steps to diffuse the problem. First, by calling in tech wizards to stop the attack and fix your systems, as well as negotiators to try and wrangle back any stolen data.
It also appoints PR experts to communicate the breach to your clients and diminish any reputational damage to your business as much as possible. And legal aid to help fight any claims relating to your clients’ data being breached – including any resulting compensation pay-outs.
Plus, with extra cover for financial crime (including social engineering) and business interruption, you can make sure your business survives the fallout.
How is professional indemnity (PI) insurance different from cyber insurance?
Professional indemnity defends you from claims where clients have questioned the quality of your work. Or have accused you of doing something that's caused them a loss.
For example, if one of your products doesn’t deliver the results they expected. Or if sensitive data is compromised because of something you, personally, have done (a misfired email landing in their competitors’ hands, for example).
In the end, an act of cybercrime requires careful handling – from a legal, reputational, and technical POV. And while PI is designed to deal with claims involving negligence and delivering a poor service, it can't deal with the damage wrought by cybercriminals.
That said, not many people face up to hackers willingly…which is why cyber insurance is such a hero. It deals with any attack or breach head-on. And provides you with the level of care and attention you need to win back your clients’ trust.
Remote (but reliable) support
Sure, MSPs are often targeted multiple times by hackers. But, fortunately, cyber insurance isn’t a one-time thing either…
Anyone can get flustered on a bad day and accidentally click on a dodgy link…even an online whizz like you. A good cyber policy comes with a 24/hr hotline so you can flag the problem up early. And get the support you need straightaway.
You’ll also receive extra training to keep you and your staff up to speed on the latest social engineering techniques. Including what to watch out for when that so-called ‘partner’ sends you an unexpected email marked URGENT...
Some will also provide aftercare, installing new and improved systems to help protect you against future attacks.
Want to find out more about cyber and other products? Have a read through our cyber insurance and IT business insurance pages. Or call us on 0345 222 5391.
cyber insurancecyber liability insuranceinsurance explainedIT and technology