With Black Friday set to trigger a major increase in online spending, insurance experts Everywhen are urging UK consumers and businesses to be on high alert as cybercriminals prepare to take advantage of the seasonal rush.
The National Cyber Security Centre (NCSC) reported that between November 2023 and January 2024, UK shoppers lost £11.5 million to online scams, an average of £695 per person. Everywhen, are warning that this level of financial loss can be devastating for individuals and increasingly costly for businesses handling customer data, with more incidents now resulting in insurance-related consequences.
Everywhen highlights that phishing emails, cloned retail websites and fraudulent delivery messages are becoming more sophisticated around Black Friday and Cyber Monday. The urgency associated with securing a limited-time deal can lead to potentially disastrous split-second decisions, making individuals and employees more vulnerable to fraud, data theft and unauthorised payments.
A spokesperson at Everywhen, said: “Black Friday has become a key period in the cybercrime calendar. The fast pace and excitement around securing a bargain creates the perfect conditions for scammers. One mistaken click can trigger financial loss, compromised data and operational disruption. For businesses, that disruption can very quickly escalate into reputational damage, cash flow pressure and, potentially, the need to fall back on insurance.”
Smaller businesses are often the most at risk, according to Everywhen, with many wrongly assuming they are too small to be targeted or because they lack specialist cybersecurity teams. Yet SMEs handling online payments, customer information or remote workforces are frequently seen by criminals as easier entry points. As cyber incidents increasingly involve data breaches, payment fraud, ransomware and system downtime, the insurance sector is seeing a rise in claims relating to business interruption, recovery costs, legal liabilities and regulatory requirements.
Everywhen also warns that fraudulent retail websites and fake delivery notifications are becoming harder to distinguish from legitimate communications. Once criminals gain access to login details or financial information, they can infiltrate accounts, initiate unauthorised transactions or deploy malware, all of which may carry insurance implications around liability, investigation costs, customer notification and system restoration.
A spokesperson added: “Cyber risk is now a business-wide issue, not just an IT concern. Insurance plays a vital role in resilience, helping organisations to recover, protect cash flow and maintain customer trust after an attack. However, awareness and prevention are just as important. The companies that perform best are those that stay vigilant, communicate clearly with staff and understand their insurance position before an incident occurs.”