If you’ve noticed a huge surge in cyber-attacks recently, you wouldn’t be alone. One third of adults in the UK have seen hacking incidents increase in 2025.
Now, official data from the Cyber Breaches Survey estimates that online hacks occur at a rate of one per minute.
And while there’s more public awareness around the importance of cyber-resilience and understanding how to protect your customers’ data online, some businesses may find themselves threatened more often than others.
Including managed service providers (MSPs), over two-thirds (69%) of which are hit by cyber breaches multiple times a year, according to one survey.
What are some well-known cyber-attacks on MSPs?
Some recent high-profile attacks on MSPs have seen both them and their clients subjected to weeks of business interruption...
Earlier this year, hackers successfully targeted M&S’s online systems. They allegedly achieved this by breaching Tata Consultancy Services (TCS) – the MSP in charge of running the retail giant’s IT services.
The attack saw M&S hit pause on its online sales, taking an estimated £300m hit in profit. Customer data was also stolen – including phone numbers and addresses – threatening the well-known retail giant with reputational as well as financial damage.
Months later, customer data belonging to another one of TCS’s clients, The Co-op, was stolen. While ransomware cybercriminals attempted to extort the company, deliveries were forcibly shut down, leading to empty shelves in Co-op’s supermarkets.
Then, in September 2025, a ransomware attack on the tech solutions company Collins Aerospace hijacked critical data and online systems, shutting down online check-in at major European airports (including London’s Heathrow) and causing wide-spread travel disruption.
Why are MSPs such an attractive target for cybercriminals?
MSPs manage the data and IT services for all kinds of vital businesses, from airports and logistics companies, to food and clothing retailers.
Unfortunately, successfully breaching an MSP allows hackers to move around inside their systems, sneakily installing malware and exploiting any software vulnerabilities.
By accessing an MSP’s VPN and remote tools, they can then seize their clients’ personal data, shutting down the business operations of multiple businesses whilst attempting to extract huge ransoms from them in the process.
How can MSPs protect themselves from cybercriminals?
Despite these high-profile attacks, only 45% of UK businesses admit to being insured against cybersecurity risks.
What’s more, a recent survey of MSPs found that almost half (47%) experienced three or more online breaches in the space of a year.
Another worrying trend is that, with the help of increasingly sophisticated AI technology, even amateur hackers can now churn out fully-automated social engineering attacks on MSPs.
More often than not, these are phishing attacks from cybercrims posing as clients or partners, using fraudulent emails and deep fakes to convince employees to click on links from where they can launch malware and ransomware attacks.
But MSPS can be breached in other ways. Through weak passwords and admin credentials, faulty VPNs/software products, and a host of other security vulnerabilities.
Constant monitoring is therefore essential. As well as regular staff training. Especially given that human error apparently accounts for 88% of all data breaches (plus, we all know prevention is better than cure).
The next step is a cyber insurance policy that offers MSPs practical help in a crisis to really take you to the top of your cybersecurity game. We’ll explain how…
How does cyber insurance protect MSPs?
Imagine a cybercriminal has breached your defences, accessed your systems and is wreaking merry havoc on your clients’ data by launching ransomware attacks left, right, and centre.
You could soon have several angry clients coming at you at once, demanding an explanation. Plus, your own stalled systems to sort out in the meantime.
The great value of a cyber insurance policy is that, when called on, it immediately takes the necessary steps to diffuse the problem. First, by calling in tech wizards to stop the attack and fix your systems, as well as negotiators to try and wrangle back any stolen data.
It also appoints PR experts to communicate the breach to your clients and diminish any reputational damage to your business as much as possible. And legal aid to help fight any claims relating to your clients’ data being breached – including any resulting compensation pay-outs.
Plus, with extra cover for financial crime (including social engineering) and business interruption, you can make sure your business survives for as long as it takes to get back on its feet.
How is professional indemnity (PI) insurance different from cyber insurance?
Professional indemnity defends you from claims where clients have questioned the quality of your work. Or have accused you of doing something negligent that's caused them a loss.
For example, if one of your products doesn’t deliver the results they expected. Or if sensitive or confidential data is compromised because of something you, personally, have done (a misfired email landing in their competitors’ hands, for example).
In the end, an act of cybercrime requires careful handling – from a legal, reputational, and technical POV. And while PI is designed to deal with claims involving negligence and delivering a poor service, it can't deal with the damage wrought by cybercriminals.
That said, not many people have the confidence or know-how to square up to hackers…which is why cyber insurance really helps MSPs. It deals with any attack or breach head-on. And provides you with the level of support you need to win back your clients’ trust.
Remote (but reliable) support
Sure, MSPs are often targeted multiple times by hackers. But, fortunately, cyber insurance isn’t a one-time thing either…
Anyone can get flustered on a bad day and accidentally click on a dodgy link…even an online whizz like you. A good cyber policy comes with a 24hr hotline so you can flag the problem up early. And get the support you need straightaway.
You’ll also receive extra training to help keep you and your staff up to speed on the latest social engineering techniques. Including what to watch out for when that so-called ‘partner’ sends you an unexpected email marked 'URGENT'...
Some cyber insurance will also provide aftercare, installing new and improved systems to help protect MSPs from future attacks.
Want to find out more about cyber insurance and other types of cover MSPs could find valuable? Have a read through our cyber insurance and IT business insurance pages. Or call us on 0345 222 5391.
Images ©PolicyBee 2025
cyber insurancecyber liability insuranceinsurance explainedIT and technology