Insurers paid £197 million (US$259.2 million) in cyber claims in 2024 for UK businesses – a 230% increase, or £138 million (US$181.6 million) more than in 2023, according to the Association of British Insurers (ABI).
Malware and ransomware alone accounted for 51% of all claims, up from a total of 32% of all claims in 2023, said the ABI, noting that this highlights how sophisticated digital threats are causing more extensive damage, leading to higher payouts.
With cyber threats escalating, demand for protection surged in 2024 with 17% more policies taken out in 2024 than the previous year, “presenting clear evidence that UK businesses are prioritizing protection against evolving digital risks,” ABI said, referring to cyber insurance as an indispensable part of every organization’s risk management strategy.
“Cyber insurance is more than just a financial safety net. The right policy not only supports businesses in the aftermath of an incident but can also help prevent attacks through access to expert advice, threat monitoring, and incident response planning,” commented Jonathan Fong, head of General Insurance Policy at the ABI, in a statement.
“With cyber threats continuing to grow in scale and sophistication, it needs to be a critical component of every organisation’s modern risk management strategy,” Fong said.
“The sharp rise in cyber insurance claims highlights how pervasive and sophisticated cyberattacks have become – and this trend is only set to accelerate,” according to Anton Yunussov, director, head of Cyber Security, Forvis Mazars, in a separate emailed comment about the ABI report.
“The data reflects what we are seeing on the ground: ransomware, phishing, and supply chain attacks are becoming more targeted, often fuelled by AI-generated campaigns that are far harder to detect,” Yunussov said.
“Cybersecurity can no longer be viewed as a technology or compliance issue – it’s a strategic business risk that affects every part of an organization,” Yunussov added.
“The fact that insurers are paying out record sums underlines how costly these incidents have become – not only in financial terms, but in reputational damage and operational disruption,” Yunussov said.
“British companies must take a proactive approach: regularly assess risks, strengthen third-party oversight, and embed a ‘security-first’ culture through training and accountability. Cyberattacks are now an ongoing and inevitable threat to UK businesses,” he continued. “Those that treat cybersecurity as a core strategic priority by investing in prevention, response, and recover, will be far better positioned to withstand the next wave of attacks.”
Warren O’Driscoll, head of Security Practice at the technology services company, NTT DATA UK&I, attributed increasing UK cyber insurance claims “to a perfect storm of overlapping factors,” which include rising geopolitical threats, the industrialization of ransomware services and the leveraging of AI within phishing & social engineering.
“On top of that, we’ve seen numerous vulnerabilities generated by complex supply chains and the procurement-driven need to push for low-cost solutions and services: with heavy use of offshore functions, data access and visibility often cannot be easily verified,” O’Driscoll commented in an emailed statement.
“Cloud-first architectures have offered advantages in cost, speed and information sharing, and also created altered risk management profiles, but this has meant a loss of full visibility of where, when and who can access data,” he said. “Where sensitive or critical data and functions are operated overseas, sovereignty has become a security and resilience issue.”
Further, he added, in the event of a breach, it’s more difficult for the UK government to support recovery and repair for UK enterprises “when the damage has occurred overseas.”
Risk Management Solutions Required
O’Driscoll cautioned that ramping up insurance premiums should not be the answer.
“The solutions instead lie in improved UK regulations, and in better support for insured organizations to strengthen their cyber security maturity,” he said.
Insurers have to reckon with changing risk profiles of their customers in a more dynamic way by developing “a better understanding of their clients’ operational and resilience risks, as well as the quality and location of their supply chain services and solutions,” O’Driscoll said.
“If we do not act, today’s £197 million in payouts will prove to be only a down payment on a much more volatile and expensive period of cyber risks,” he warned.
Was this article valuable?
Here are more articles you may enjoy.
Viewpoint: Beware the Rise in Unproven ‘Brittleness Test’ for Roof Shingle Claims 
Catastrophe Bonds Absorb ‘Black Swan’ Event Dealt by Melissa 
Allstate More Than Triples Q3 Net Income to $3.7 Billion 
Zurich Invests Heavily in Underwriting Talent to Boost Mid-Market, Specialty Growth 
