In 2024, £197 million was paid out to UK businesses to help them recover from cyber incidents.

In 2024, there was a 17% increase in the number of cyber insurance policies taken out by UK businesses compared to the previous year.

There was a 230% year-on-year increase in the amount paid out to support UK businesses with cyber-attacks in 2024, amounting to £138 million more than in 2023.

Malware and ransomware accounted for 51% of all cyber insurance claims in 2024, up from 32% in 2023.

CISO confusion about cyber insurance policy coverage for supply-chain attacks decreased from 58% in 2024 to 43% in 2025.

The percentage of companies constantly re-evaluating tools to improve cyber insurance premiums dropped from 68% in 2024 to 40% in 2025.

39% of business and tech leaders prioritise changes in cyber insurance policies in response to the current geopolitical landscape.

In 2023, victims paid on average 39.1% of the initial ransom demand.

Businesses typically required around two full months to restore operations following a ransomware attack.

Companies with revenues between $750M and $2B had an average relative frequency of large claims on primary policies of 1.80.

Companies with revenues above $2B had an average relative frequency of large claims on primary policies of 1.86.

Healthcare, retail, and manufacturing remained the most targeted sectors.

Average initial ransom demand (based on all cases with ransom demand) in 2021: $17.39 million.

Between 2019 and 2023, other sectors experienced large losses primarily from ransomware (53.1%), followed by data breaches (25.0%) and other causes (21.9%).

Companies with revenues between $250M and $500M had an average relative frequency of large claims on primary policies of 1.19.

Vendor-driven cyber insurance claims notifications fell from 37% to 26% of all claims, representing a 30% drop.

Data recovery was triggered as the main driver of loss in 1.3% of claims, triggered with some loss impact in 17.5%, triggered with no loss impact known in 5.0%, and not triggered in 76.2%.

Business interruption coverage was triggered in 17.5% of all claims, occurring more frequently in excess claims(23.3%) than in primary claims (15.1%).

Privacy and cyber security coverage was triggered in 13.2% of all claims, with a higher prevalence in excess claims(22.2%) compared to primary claims (9.4%).

In 49.2% of large ransomware claims, attackers gained access by exploiting system vulnerabilities.