Do you need help with Business Continuity or Cybersecurity?
UK businesses faced a dramatic surge in cyber insurance payouts in 2024, with claims soaring by 230% to £197 million. This significant increase, up from £59 million in 2023, is largely attributed to a sharp rise in ransomware and malware attacks, which now constitute over half of all successful claims. The escalating threat landscape highlights the growing sophistication of cybercriminals and the increasing reliance of companies on insurance as a financial safeguard against operational disruption.
Key Takeaways
- Cyber insurance payouts in the UK increased by 230% in 2024, reaching £197 million.
- Ransomware and malware attacks accounted for 51% of all claims in 2024, up from 32% in 2023.
- Demand for cyber insurance policies rose by 17% in 2024.
- High-profile attacks in early 2025 suggest payouts could continue to rise.
The Escalating Threat of Ransomware
The Association of British Insurers (ABI) reported that ransomware and malware infections were the primary drivers behind the surge in payouts. These attacks now represent 51 percent of all claims made by UK organisations in 2024, a significant jump from 32 percent in 2023. This trend underscores the evolving tactics of cybercriminals and the increasing damage these attacks inflict on businesses of all sizes.
Insurance: A Safety Net or a Catalyst?
Cyber insurance is increasingly viewed as a critical component of risk management. Jonathan Fong, head of general insurance policy at the ABI, stated, "The right policy not only supports businesses in the aftermath of an incident but can also help prevent attacks through access to expert advice, threat monitoring, and incident response planning." The number of cyber insurance policies purchased by UK organisations also saw a 17% increase in 2024, indicating a growing recognition of cyber protection as essential.
However, the role of cyber insurance remains a subject of debate. While some argue that insurers drive up security standards by enforcing minimum policy requirements, others express concern that the availability of insurance may inadvertently encourage ransom payments. This has led to discussions about potentially banning insurers from covering extortion payments, though some experts believe such a ban might have limited impact, particularly for large corporations where business interruption costs often dwarf ransom demands.
High-Profile Incidents and Future Outlook
The 2024 figures do not encompass the wave of high-profile cyberattacks that affected major UK firms in early 2025. For instance, Marks & Spencer recently confirmed a maximum £100 million claim on its cyber insurance policy following a significant breach. In contrast, companies like The Co-op and Jaguar Land Rover reportedly lacked comprehensive cyber insurance, highlighting the potential financial devastation when adequate cover is absent. These incidents suggest that future payout figures could see further increases.
The Evolving Role of Cyber Insurance
Experts at the UK National Cyber Security Centre’s annual conference broadly agreed on the constructive role cyber insurance plays in enhancing security. Insurers’ expertise in risk assessment and access to threat intelligence inform policy requirements, often acting as a barrier for businesses unable to meet baseline protection standards. Nevertheless, the debate continues regarding whether the industry inadvertently fuels the cybercriminal ecosystem by facilitating ransom payments.
Sources
- Ransomware fuels 230% increase in UK cyber insurance payouts • The Register, The Register.
- Ransomware Surge Fuels 230% Jump in UK Cyber-Insurance Payouts, The420.in.
- Cyberattacks force nearly £200m in UK insurance claims, Computing UK.
- UK cyber claims soar 230% on ransomware rise, Cybernews.
