
2025 Global Cyber Risk Report: Claims Trends & Market Dynamics

    Aon’s 2025 Global Cyber Risk Report stands alone in its ability to help businesses make better cyber risk decisions thanks to the unique way we have drawn together data and interpretation across critical cyber security controls, cyber events and the cyber insurance market — globally and by region. Beinsure analyzed the report and highlighted the key points.

    Amid escalating cyber risk, Aon’s Cyber Quotient Evaluation (CyQu), our patented global assessment platform, delivered a positive outlook from our responders and showed that companies are overall maturing.

    This proved to be particularly true for our enterprise clients. Understanding the need to align cyber insurance to cyber security strategy became more prevalent among large companies, where we also saw greater collaboration across stakeholders, up and down the organization.

    Key Highlights from Global Cyber Risk Report

    • Cyber insurance premiums fell by an average of 7% in Q1 2025, marking the tenth consecutive quarter of declines for U.S.-based risks. Increased market capacity and competition created favorable conditions for buyers, particularly mid-market firms.
    • Cyber claim frequency rose in 2024, with 1,228 incidents reported among Aon’s U.S. broking clients — a 22% year-over-year increase. Despite this, average ransomware payments dropped 77%, reflecting stronger cyber controls and fewer ransom payments.
    • Companies with $100 mn to $2 bn in revenue accounted for 52% of cyber claims. Many lacked basic preparedness, such as response plans or full-scope vulnerability scans, leaving them more exposed to business interruption and financial losses.
    • Ransomware incidents increased 24% compared to 2023, but only 25% of companies paid ransoms — the lowest rate recorded. While average ransom demands grew to $553,959 in Q4 2024, median payments fell by 45% to $110,890.
    • Supply chain security remains a critical concern. Many organizations continue to misunderstand what cyber insurance covers, highlighting the need for broader education and clearer communication across the industry.

    Third-party risk continued as a frontline issue across the year, as businesses found it increasingly challenging to protect their supply chains.

    And importantly, we observed occasional misunderstandings about what cyber insurance covers and doesn’t cover, which reflects the need for more education across the industry (see U.S. Cyber Insurance Premium Rates).

    Global competition in the cyber insurance sector


    Global competition in the cyber insurance sector increased, and pricing for US-based risks declined for the tenth consecutive quarter.

    In Q1 2025, the market experienced a further softening, with a 7% reduction in cyber insurance premiums. Current conditions create a favorable environment for businesses of all sizes to secure cyber coverage, especially for middle market firms that remain highly exposed.

    Middle market companies accounted for the largest share of cyber claims in the previous year. From a risk management perspective, 55% of these firms have not conducted a cybersecurity tabletop exercise, while 45% have vulnerability scans that assess less than the full scope of their enterprise, according to Global Cyber Insurance Industry Trend.

    These gaps heighten exposure to business interruption losses resulting from cyber incidents.

    Addressing this requires broader education on cyber risk and a review of operational safeguards. Companies should consider measures such as outsourcing specific security operations or automating vulnerability assessments.

    Risk transfer through cyber insurance remains a critical component of any effective strategy to reduce exposure.

    The data presented in this report can support internal discussions aimed at strengthening organizational cyber readiness.

    Cyber Claims Rise. Payouts Decline

    As cyber attacks persisted, the frequency of cyber claims grew across 2024, ranging from ransomware and business interruption to class action litigation and regulatory investigations — resulting in an increasingly complex incident response.

    In the U.S., for example, Aon Cyber and Errors and Omissions (E&O) claims data revealed 1,228 reported incidents across broking clients in 2024, reflecting an increase of 22% year over year.

    Cyber events or litigation represented most claims, with 776 reported matters in the U.S. — up a third on the previous year — and 320 reported matters in EMEA.

    U.S. E&O-Cyber Broking Reported Incident

    Source: Aon

    This increase was driven by a rise in cyber incidents, more organizations acquiring cyber insurance and a heightened regulatory focus on publicly disclosing material events.

    Midsized organizations with $100 mn to $2 bn annual revenue filed more claims than any other group, representing 52% of all matters, according to Cyber Insurance Market Outlook for 2024-2034.

    Aon analysts observed that underinsurance and a lack of basic cyber readiness plans exposed mid-market organizations to significant risk.

    U.S. E&O-Cyber Broking Reported Incidents: 2024

    Source: Aon

    Response plans enable organizations to reduce the cost of a breach by an average of almost $500,000, providing reassurance about the effectiveness of these strategies.

    Ransomware Persists

    Ransomware incidents persisted in 2024, increasing 24 percent versus 2023. Fraud and social engineering remained flat while claims frequency for privacy and data breaches and lost, missing, or stolen data decreased.

    Cyber Frequency Trend

    Source: Aon

    Despite the increased frequency of incidents, ransomware payment severity for Aon broking clients declined, likely supported by stronger cyber security controls. The average reported payment amounts also dropped by 77%, helping to maintain a soft market.

    The percentage of companies paying ransom dropped to an all-time low of 25%, marking a significant milestone in the fight against ransomware.

    The average ransomware payment trended up in 2024, cresting at $553,959 in the fourth quarter of 2024, an increase of 16% over the prior quarter.

    Meanwhile, median payments, which are typically a more reliable indicator of where the market is heading, are declining. The median ransom payment was $110,890 in fourth quarter 2024, a decline of 45% from the previous three months.

    Observed Ransomware Breach Trends
    Source: Aon

    Ransomware payment bans are back on the table as governments contemplate minimizing payments and compelling cybercriminals to cease attacking their countries’ organizations.

    Ransomware Victims by Sector

    Source: Aon

    Access claims trended up and down across the year. Access claims arise when threat actors, known as initial access brokers, breach organizations’ networks and sell this unauthorized access to other threat actors, leading to ransomware attacks and malicious activities.

    Cyber Risk Insurance Market

    Significant, systemic events dominated 2024 with Aon’s Cyber Solutions U.S. data revealing 1,228 reported incidents across Aon’s Cyber Solutions clients — an increase of 22%. Cyber incidents or litigation represented most claims, with 776 reported incidents — up 31%.

    Despite increased claims frequency in 2024, insurer loss ratios were not materially impacted, and buyers’ market conditions continued through 2024 for cyber amid a well-capitalized and competitive environment.

    Favorable conditions are expected to continue in 2025, supporting growth in emerging cyber markets; however, the juxtaposition of loss trends and a softening market could mean future market volatility. Risk differentiation remains key to favorable renewal outcomes over the long term.

    On average, buyers achieved a 7% premium decrease in Q1 2025, primarily driven by ample capacity, the introduction of new capacity and incumbent insurers offering aggressive renewal terms to retain their renewals.

    2020–2025 Cyber Premium Changes by Quarter
    Source: Aon

    Premium changes continued to decrease quarter over quarter while ransomware claims frequency was up.

    Cyber Monthly Pricing All Layers

    Source: Aon

    The cyber insurance and reinsurance markets maintained solid margins, reinforcing the view that the global cyber sector remains stable despite increased competition and the growing frequency, severity, and sophistication of cyber events.

    Competitive pressure has resulted in lower self-insured retentions, reduced premiums, eased sub-limit requirements, and broader policyholder coverage.

    Pricing is expected to continue moderating through 2025, with improving conditions across more risk profiles and regions. Despite elevated ransomware activity in previous years, a buyers’ market persists due to available capacity and strong competition. Most markets now offer moderate rate reductions, expanded coverage, and higher limits for risks supported by effective cybersecurity controls.

    In the 2025 reinsurance landscape, capital supply from traditional providers continues to exceed current demand.

    Alternative capacity—such as insurance-linked securities and catastrophe bonds—has expanded, driven by new risk transfer mechanisms.

    This imbalance supported favorable outcomes for buyers during the January renewal period. Reinsurance products and structures are expected to continue evolving as cyber insurers adjust their net exposure strategies based on individual risk appetites.

    These trends suggest continued buyer-friendly conditions into the first half of 2025, marked by slightly lower premiums, broader policy terms, and increased flexibility for organizations purchasing cyber coverage.

    Cyber Insurance Steers Risk Mitigation

    Cyber-attacks continue to represent a growing financial threat, with approximately 75% of successful incidents resulting in direct monetary losses.

    • In 2024, the average payment amount declined 77%, and the number of ransomware incidents remained flat, compared to the same period in 2023. Despite frequency increasing year over year, the severity has declined, supported by stronger cyber security controls, so we’ve remained in a soft market.
    • Despite a decrease in severity, the increase in frequency necessitates guidance around reporting and navigating notices.

    Adoption of cyber insurance is now common and increasingly considered a board-level issue.

    Among organizations with 500 to 1,000 employees, 90% hold some form of cyber coverage. Half of these firms maintain standalone cyber policies, while 40% include cyber within broader business insurance programs. Additionally, 25% of Aon clients expanded their coverage limits in 2024.

    Tighter underwriting standards require businesses to demonstrate cyber readiness in order to secure coverage. This has led to increased investment in preventative measures, which benefits both insurers and insureds.

    Ransomware Severity

    Source: Aon

    Organizations that implemented stronger cyber controls and continuity strategies were better equipped to manage incidents. These preparations allowed for quicker system restoration and data recovery during attacks.

    Although the volume of claims rose throughout 2024, the average payment amount declined by 77%. This dynamic—more frequent claims but lower average payouts—supported the continuation of soft market conditions.

    FAQ

    What are the key trends in Aon’s 2025 Global Cyber Risk Report?

    The report highlights increased cyber maturity among large enterprises, a decline in cyber insurance premiums, rising cyber claim frequency, and a shift in ransomware payment behaviors. It also notes the growing importance of aligning cyber insurance with security strategies.

    How have cyber insurance premiums changed in early 2025?

    Premiums decreased by an average of 7% in Q1 2025. This reduction was driven by increased competition, new market entrants, and insurer efforts to retain business through more favorable renewal terms.

    Which organizations are filing the most cyber claims?

    Midsized firms with annual revenue between $100 mn and $2 bn accounted for 52% of all reported cyber claims in 2024. These companies often lacked formal cyber readiness plans and adequate insurance coverage.

    What factors are driving the decline in ransomware payments?

    The drop in payments—down 77% in 2024—resulted from stronger cyber controls, reduced ransom payment rates (25%), and more effective incident response strategies.

    Why is third-party risk a continued concern?

    Businesses face growing difficulty in securing their supply chains. Third-party environments remain vulnerable, and current risk management practices often fall short, increasing exposure to disruptions and cyber incidents.

    What role does cyber insurance play in risk mitigation?

    Cyber insurance provides financial protection against losses from incidents such as ransomware, data breaches, and litigation. It also encourages stronger cybersecurity practices by requiring companies to demonstrate preparedness during underwriting.

    How will the cyber insurance and reinsurance markets evolve in 2025?

    Markets are expected to remain favorable for buyers, with continued premium reductions, expanded coverage, and increased capacity from both traditional and alternative capital sources. However, sustained claim activity may introduce future volatility.


    AUTHORS: Brent Rieth – Head of Cyber Solutions (North America), Aon’s Global Cyber Leader, member of Aon’s Cyber Solutions Group, leading its E&O/Cyber brokerage practice for the U.S.