Estimated reading time: 3 minutes
Aon’s 2025 Global Cyber Risk Report offers a sharp warning: cyber incidents now cut shareholder value by 27% on average — a loss that no boardroom can ignore. The message is clear: a strong cyber risk insurance policy is no longer optional; it’s a frontline defense. Brent Rieth, Global Cyber Leader at Aon, opens the report with urgency: “Understanding your cyber risk and the role of insurance in resilience strategy is critical.” With cyber-attacks growing in scale, cost, and complexity, Aon’s latest data sheds light on what’s changing and what firms must do now.
Let’s break down three key areas explored in the report — ransomware trends, insurance market shifts, and cyber risk controls. The rest of the report is well worth a look — you can access it here.
Ransomware Payouts Decline Amid Rising Claims
The number of reported cyber incidents grew by 22% in 2024. Yet, Aon clients saw average ransomware payments fall by 77%. This paradox suggests that stronger security controls are beginning to take effect.
Mid-sized businesses filed the most claims — over half of all incidents. These organizations were hit hardest by systemic cyber events. A breach at a healthcare payment firm affected 190 million people and disrupted access to care.
The CrowdStrike outage also served as a wake-up call. Over 8.5 million systems crashed globally, impacting hospitals, airlines, and banks.
Interestingly, despite a 24% increase in ransomware attacks, fewer firms paid the ransom. Only 25% of victims agreed to pay, showing that preparedness is paying off. Incident response teams and cyber exercises are making a real difference.
Get The Cyber Insurance News Upload Delivered
Every Sunday
Subscribe to our newsletter!
Cyber Risk Insurance Policy Market Remains Buyer-Friendly
After ten straight quarters of falling premiums, the cyber insurance market remained soft into Q1 2025. Clients saw an average 7% drop in premiums.
Despite more claims, insurers’ loss ratios stayed stable. Competition drove better deals. Broader coverage, higher limits, and relaxed sublimits are now common for firms with good cyber hygiene.
Capital remains abundant. New risk transfer options, such as catastrophe bonds, are helping spread risk. This means favorable conditions should continue into mid-2025.
However, Aon cautions that the gap between rising risks and falling premiums may not last. Insurers may tighten terms if ransomware escalates again.
Raising Red Flags: Cyber Risk Controls and Insurability
Investment in security controls is paying off. Aon clients improved their “red flag” control ratings by 9% year-over-year. Financial and industrial sectors led the way.
Insurers are shifting focus. Instead of rejecting clients based on a single weak control, they assess their overall cyber maturity. This enables larger, well-prepared firms to negotiate more favorable terms.
Privacy and third-party risk controls are top priorities. Regulatory scrutiny is increasing, particularly in the U.S., where class-action lawsuits have surged in the healthcare sector.
Aon urges firms to utilize decision analytics, model systemic cyber risks, and enhance their control posture — not just to obtain insurance but to thrive and survive.
RELATED NEWS:
Cyber Insurance Becoming Buyer-Friendly: Aon. Really & Will It Last? (Opens in a new browser tab)
Major Cyber Incidents Cut Shareholder Value by 9%: AON (Opens in a new browser tab)
