‘There is clear evidence that increasing cybersecurity maturity is having a positive impact on claims activity,’ says leader
UK cyber insurance claims declined 20% between 2023 and 2024, though remained approximately one third higher than the three preceding years.
This was according to figures published today (7 May 2025) by insurance broker Marsh in its UK Cyber Insurance Claims Trend Report 2024, which utilises data submitted by Marsh UK clients.
Despite the overall fall in year-on-year claims, Q3 2024 also saw the second highest recorded claims activity since 2020, due in part to the global outage caused by the CrowdStrike software update on 19 July 2024.
Extortion – including ransomware – proved the primary driver of claims, accounting for 28% of cyber losses. Hostile and accidental data breaches, excluding extortion, made up 17% and system infiltration, excluding extortion, were the next most common claims (7%).
Holly Waszak, UK head of cyber claims advocacy at Marsh, said: “Although the UK cyber claims data remains concerning, there is clear evidence that increasing cybersecurity maturity is having a positive impact on claims activity.
“It is imperative that UK clients continue to bolster their response capabilities and overall adaptability, adopting an enterprise-wide approach to building their cyber resilience.”
Ransomware falls
Meanwhile, ransomware claims fell by 31% between 2023 and 2024.
Read: Insurtech UK backs new national fintech hub
Read: Insurtech sector breathes sigh of relief following SVB UK HSBC rescue deal
Explore more cyber-related content here, or discover other news stories here
Marsh attributed the fall to an “increase in law enforcement activity, stricter global sanctions relating to cybercrime and a fall in the number of organisations opting to pay ransoms when targeted”.
However, the broker also added that such claims remained nearly double the levels seen before 2023.
Helen Nuttall, UK head of cyber incident management at Marsh, said: “UK cyber insurance claims remain consistently high as cyber attackers increasingly exploit supply chains, AI-enabled intrusions and several widespread non-malicious events to breach cyber defences.
“These figures underline the persistent nature of the threat, particularly as claims activity stemmed from numerous small events rather than any single systemic event in the UK.”
No comments yet