Briefing: The true cost of cyber attack losses – and why cyber cover should not be a hard sell

The nights are drawing in, the wind is starting to howl and Halloween is fast approaching. But ask me what is really giving people the chills and it is something far more modern – cyber attacks.

I probably sound like a broken record when it comes to cyber risks. But, frankly, that is a reflection of the growing impact these strikes have on our clients. Cyber attacks are rarely off the newspaper front pages and not a day passes without another revelation of compromised emails, data theft or ransomware.

On 24 September 2025, my Howden colleagues published their annual cyber insurance report, entitled Rebooting growth. This revealed the full horror of the impact of cyber attacks on the European economy.

For example, in the past five years, cyber attacks have cost the UK a staggering £44bn. Think of all the schools, hospitals or airports you could build, fix or expand with that money. Meanwhile, cyber losses across Germany, France, Italy and Spain in the same reporting period are even higher – rising to a staggering €300bn (£261bn).

It is hard to get your head round these fantastical numbers. But this risk is much more than an abstract problem.

Consider this. The UK government’s Cyber security breaches survey 2025, updated in June 2025, showed that more than 600,000 businesses across the UK have been cyber attack targets. And, as we’ve recently seen from some high profile incidents, the consequences of just one event can ripple all the way through the supply chain.

We absolutely have to keep talking about cyber.

Poor penetration

But is talk enough? In October 2025, the National Cyber Security Centre even advised companies to have a plan for working without information technology (IT).

Having started life in an analogue age, the thought of going back to pen and paper is not a nightmare. But for many, it is the ultimate horror show.

As a risk specialist, I am a big fan of back up plans, but I am always surprised why insurance is not a bigger part of this conversation.

The Rebooting growth report depicted one statistic that I find frankly frightening. Despite the UK priding itself on being at the cutting edge of cyber tech, less than 40% of companies in this country actually have any cyber insurance.

Firms cannot just rely on firewalls and the latest anti-virus software. Put it like this – would you drive a car without insurance, even if it was the safest model in the market? No. There should be the same mentality with cyber cover.

Why the hard sell?

The value of cyber protection extends far beyond a basic payout – it is also about preventing and lessening the impact of cyber attacks.

Our aforementioned report found that in Europe, a company with €500m (£434m) in annual revenue could save €16m (£14m) over a decade thanks to a cyber policy. That is an impressive 19% return on investment.

Critically, cyber policies do this by enabling safety conscious behaviour – whether that is promoting better cyber hygiene, from software patching and strong passwords to email filtering, or through incident response expertise. This is priceless for small firms without in-house resources.

We found that proper risk management reduces the cost of a cyber attack by 66% - equivalent to saving €204bn (£177bn) overall across the key European economies.

And here is the thing. This should be an easy sell. We are pushing at an open door. There has never been a better time to buy cyber insurance. Insurers have spent years honing their products, making them simpler.

Howden too has been at the forefront of developing products that cut through the cyber complexity and make it easier for time poor businesses to get the coverage they need with minimum fuss and technical jargon. Furthermore, increasing competition in the sector is making cyber policies cheaper.

So, let’s banish the malware monsters and cyber zombies for good this Halloween.