Reputation Risk Can Overshadow Ransom in Cyberattacks, Aon Says

June 27, 2025

The cost of a cyberattack extends far beyond any immediate mitigation expenses or ransoms paid.

Reputational costs and dipping stock values can be a significant portion of losses, according to the new Aon Global 2025 Cyber Risk Report. Reputation risk events can cause shareholder value to fall by an average of 27%, according to Aon — and reputation risks are nontransferable.

The Growing Cyberattack Severity

In 2024, the frequency of reported cyber incidents was up 22% on the previous year. The 776 reported cyber incidents or litigation represented the most claims, an increase of 31% year over year, ranging from ransomware and business interruption to class action litigation and regulatory investigations. In the U.S., for example, Aon cyber and errors and omissions (E&O) claims data revealed 1,228 reported incidents across broking clients in 2024, reflecting an increase of 22% year over year.

While ransomware claims frequency increased, the average ransom payment amount for Aon broking clients declined by 77%. Midsized organizations filed more cyber claims than any other group—over half of all incidents.

Reputation Risk Factors

Damage to brand or reputation is a top risk facing organizations globally today, according to Aon’s latest Global Risk Management Survey (GRMS), and has been one since 2007.

Some cyberattack techniques are more likely than others to become reputation risk events, the Aon report stated. Malware/ransomware attacks make up a disproportionate number of the identified reputation risk events, accounting for approximately 60% of reputation risk cyber events but only 45% of all cyber events.

Malware attacks are the most common (57% of all) and have a high propensity for reputational impact (20% likelihood) and a high impact (-28% on average). A system exploits attack, in comparison, has just an 8% chance of reputational impact.

For cyber events, large-scale media pickup is also likely when there are opportunities for consumer impact or outrage, or issues that could be deemed to be in the public interest. The Aon report analyzed 1,414 cyber events reported in the media up to the end of 2024, of which more than 95% were malicious. Of the 1,414 cyber events, analysis showed that 56 developed into reputation risk events, causing shareholder value to fall by 27%.

However, reputation risk is one of a growing number of risks that are either uninsurable or only partially insurable. Prevention and management are critical to avert reputation risk and its associated costs.

Mitigating Cyber Losses

Prioritization of controls and red flags continued to change in 2024, with privacy-oriented, third-party and supply chain controls emerging as new areas of interest for insurance. According to the report, Aon clients who invested in security controls reported a 9% improvement in critical — or ‘red flag’ — controls, which can impact insurability. Organizations across sectors continued to invest in and improve their critical controls over the course of 2024.

Insurance carriers are also becoming more sophisticated in their risk underwriting and are more focused on the overall cyber maturity profile and an organization’s narrative around specific controls. This new climate was driven in part by intense global cyber insurance market competition and is expected to continue into 2025.
