Overview
Systemic cyber security events highlighted the compounded risk stemming from increasing technology interdependencies and how quickly a cyber event can affect organizations, according to Aon's Global Cyber Risk Report.
This report stands alone in its ability to help businesses make better cyber risk decisions thanks to the unique way we have drawn together data and interpretation across critical cyber security controls, cyber events and the cyber insurance market – globally and by region, Beinsure noted.
The World Economic Forum identified supply chain interdependencies as a main factor contributing to the rising complexity of cyberspace in 2025.
A ransomware attack on a major U.S. healthcare payments technology provider compromised the private data of about 190 mn individuals.
Key Highlights
- Cyber insurance claims increased by 22% in 2024, with litigation-related claims up 31%. Despite these increases, the insurance industry absorbed the losses due to stronger program structures, purchasing patterns, and business continuity measures.
- The global average ransomware payment dropped by 77%, reflecting stronger security controls, improved business continuity planning, and more organizations choosing to address incidents without paying ransom.
- Insurer confidence rebounded as clients addressed critical security gaps. Competitive conditions led to premium reductions of about 7% in the U.S. and 15% in Canada during early 2025, despite rising claims frequency.
- While endpoint security scored highest among clients in the U.S. and Canada, third-party risk and application security remained the weakest domains, underscoring ongoing challenges in managing supply chain vulnerabilities and software security.
A faulty CrowdStrike Cloud software update crashed more than 8.5 mn systems, disrupting global operations for days and affecting commercial flights, hospitals, and financial services. These major incidents drove an increase in cyber insurance claims throughout the year.
U.S. Cyber Solutions broking data recorded 1,228 reported incidents among broking clients in 2024, a 22% rise from the previous year, with cyber incidents and litigation accounting for most claims, increasing by 31%.
Despite the disruption caused by systemic cyber events and the rising number of claims, the financial impact on the insurance industry remained limited because of purchasing trends, changes in program structures, and business continuity planning by insured organizations.
Nevertheless, the industry remains vigilant. The past year’s events were close calls that could have been catastrophic and underscored the risks insurers and organizations must address.
Cyber Insurance Market Competition Intensifies

Organizations approached US cyber risk seriously in 2024. Data from Aon’s Cyber Quotient Evaluation (CyQu) platform showed improvements in client risk scores across key domains.
Insurer confidence improved across many sectors as clients focused on addressing critical “red flag” security controls and domains.
In both the U.S. and Canada, the strongest-performing cyber security domain in 2024 was endpoint security, which includes penetration testing, network environment, and network capacity. Application security and third-party security scored lowest among the domains, Beinsure noted.
U.S. E&O-Cyber Broking Reported Incident



Insurer Confidence Was Restored in Most Industries
Insurer confidence was restored in most industries and on average, U.S. buyers achieved a 7% premium decrease in Q1 2025, while Canadian clients saw a 15% decrease (see Global Cyber Insurance Industry: Emerging Trend).
Underwriting rigor became more established, and clients made great strides improving critical — or red flag — security controls and domains.
Cyber risk insurance claims rose 22%, while ransomware claims payouts declined 77%. The insurance industry had a strong wake-up call but proved immune to the systemic cyber events of the year.
Payment trends and preparedness placed insureds in a more resilient position despite the continued impact of ransomware. The complexity of supply chain risk persisted, and privacy risk ticked up amid an increasingly litigious environment, Beinsure noted.
Cyber Insurance and Cyber Control
7% of clients improved the target time for critical patching, moving from more than seven days to three-to-seven days, and noticeable growth was reported in disaster recovery/backups and multi-factor authentication (MFA).
Renewal Clients Critical Controls

6% Improvement YoY Aon Renewal Clients
The red flags shown are categorized as ‘imperative’ and ‘critical’ as determined by market conditions – higher criticality weightings are more likely to impact underwriting.
Data for over 1,350 renewal clients in the US. SME ($0-$100M) and Middle-Market ($100M-$2B) account for 78% of the data.
Improvements YoY were noted in:
- 7% of clients improved from target time for critical patching >7 days to 3-7 days
- Disaster Recovery/Backups
- Multi-Factor Authentication (MFA)
When a Cyber Event Becomes a Reputation Risk Event

As with Aon's research, the findings are derived using a clear, objective definition of reputation risk and proprietary algorithms that can help accurately identify the magnitude of reputational damage, including a shareholder value algorithm that can isolate changes in share price that are caused by company-specific factors from those that are due to market noise.
Aon analyzed 1,414 cyber events reported in the media up to the end of 2024, of which more than 95 percent were of a malicious nature. Beinsure analyzed the report and highlighted the key points.
Analysts split these events across five categories, based on the cyber-attack technique involved:
- Malware/Ransomware: Malware damages or disrupts access to a computer system. Ransomware is a type of malware that blocks user access until a ransom is paid.
- Unauthorized Access and Credentials Attacks: Attempts by an attacker to gain user credentials to access networks or systems.
- Human Factors: Cyber events stemming from unintended actions by employees such as falling for a phishing scam or failing to follow security protocols.
- System Exploits: Events in which attackers exploit system vulnerabilities by, for example, injecting malicious code using Structured Query Language.
- Network and System Attacks: Events that aim to compromise the integrity and availability of a system — such as denial of service attacks.
Of the 1,414 cyber events we examined, our analysis shows that 56 developed into reputation risk events, causing shareholder value to fall by 27%.
Our findings suggest that some cyber-attack techniques are more likely to become reputation risk events than others.
Malware/Ransomware attacks make up a disproportionate number of the identified reputation risk events, accounting for approximately 60% of reputation risk cyber events but only 45% of all cyber events.
Cyber Attack Techniques – Counts – All Events

Malware and ransomware attacks carried a 20% probability of developing into a reputation risk event, compared with an 8% probability for system exploit attacks, according to Cyber Risk Survey.
For cyber events, as with other types of incidents, large-scale media coverage is most likely when the issues are emotive or considered to be in the public interest. Malware and ransomware attacks fall clearly within these categories.
Although malware and ransomware attacks are the most likely to trigger reputation risk, they do not necessarily cause the most severe impact. In terms of severity, network and system attacks typically caused the greatest damage, with an average 51% decline in shareholder value.
Cyber Attack Technique – Impact
| Cyber Attack Technique | RR Likelihood | Mean SVI* |
|---|---|---|
| Network and System Attacks | 19% | -51% |
| System Exploits | 8% | -31% |
| Human Factors | 12% | -30% |
| Malware | 20% | -28% |
| Unauthorized Access and Credential Attacks | 8% | -25% |
Cyber Attack Techniques – Best/Worst Impact

At the other end of the range — while still representing significant risk — unauthorized access and credentials attacks resulted in an average reduction in shareholder value of 25%.
The Impact of Ransomware Declined
The global average ransomware payment dropped by 77% compared to the same period, as stronger security controls and business continuity planning reduced the effectiveness of attacks.
More organizations chose to withhold ransom payments and instead responded to the incidents directly. At the same time, insurers gained confidence in underwriting ransomware risk.
The industry also took a proactive approach to the growing supply chain risk in 2024, with Aon clients investing in assessments of their cyber exposure across vendors.
However, because of its complexity, third-party risk remained one of the lowest-scoring domains for Aon clients in both the U.S. and Canada.
Cyber Domains – North America Data – Total Score by Domain

Cyber Domains – North America Data – Total Score by Industry

As organizations strengthened their controls, competition soared across the cyber insurance industry.
Despite the increase in claims frequency in 2024 and poor loss development on 2023 claims, buyers’ market conditions continued through the year in a well-capitalized and competitive environment.
On average, U.S. buyers achieved a seven percent premium decrease in Q1 2025.
Cyber Premium Changes by Quarter

The Canadian market saw accelerated softening through 2024 and ultimately realized a 15 percent decrease year-over-year.
Insureds became more sophisticated, harnessing cyber modeling to evaluate their purchasing decisions, determine the appropriate limit levels, and protect their balance sheets.
Aon saw 25% of clients purchase additional limits in 2024
Volatility Heightens and Insurers Act
Intense geopolitical volatility marked the beginning of 2025, and cyber risk is expected to continue rising. In March, the U.S. announced a pause in offensive cyber operations against Russia by U.S. Cyber Command, reducing efforts to counter a key adversary even as national security experts urged the U.S. to expand such capabilities.
China’s espionage and intelligence collection reached a critical point in 2024, with China-linked activity increasing 150% overall and some industries experiencing three to four times more attacks than in the prior year.
This environment places significant pressure on insurers and organizations to respond effectively.
Insurers increase investment in underwriting and risk modeling
Insurance companies are expected to increase investment in underwriting and risk modeling to improve understanding of the risk ecosystem and potential exposures.
Privacy liability remains a key risk for both insurers and organizations. A recent cyber security incident at an education technology company led to unauthorized access to minors’ personal information and exposure of millions of student records.
Privacy Liability and Supply Chain Risk Come to the Forefront

In the U.S., several settlements exceeded $30 mn due to failures in safeguarding customer data. A more punitive climate is emerging, and although less pronounced, Canada is experiencing similar developments.
In previous years, Canadian courts blocked data breach class actions lacking evidence of harm to proposed class members. This trend is shifting.
Allegations in 2024 class action filings included misuse of information and inadequate protection for children and teenagers using online services. Canadian courts continue to evaluate potential new privacy torts.
Insurers should consider adjusting policy structures and advising clients on additional coverage as settlement amounts increase.
Data Breaches and Strengthening Technology Strategies
Strengthening technology strategies and controls for privacy and data breaches, identifying where data resides, and classifying it properly are essential.
Close collaboration between cyber, marketing, and legal teams helps organizations understand their risk and respond in line with regulatory requirements.
New class action lawsuits are likely to emerge as technologies advance, including claims related to “pixels” — code embedded in webpages or online ads that collects user interaction data — which have already led to legal action.
Overall Data Breach Trends
In the first half of 2025, there were approximately 1,732 publicly reported data breaches in the United States, an increase of 11% compared to the same period in 2024.
These incidents affected around 165.7 mn individuals, although the total number of victims remained lower than in 2024 because there were fewer mega breaches.
| Stat | Value |
|---|---|
| U.S. Breaches H1 2025 | 1,732 (+11%) |
| Affected Individuals H1 2025 | 165.7 mn |
| Cyber-related Breaches | 77.8% |
| Avg. Global Cost per Breach | $4.88 mn |
| Healthcare Avg. Cost | $9.77 mn+ |
| Detection Time | 204 days |
| Containment Time | 73 days |
About 77.8% of breaches were caused by cyberattacks, which exposed the personal data of approximately 114.6 mn individuals.
Globally, the average cost of a data breach rose to about $4.88 mn, marking a 10% increase over the previous year. In the healthcare sector, the average cost of a breach exceeded $9.77 mn per incident.
Total projected global losses from cybercrime are expected to reach around $10.5 tn by the end of 2025.
In the United States, about 9% of publicly traded companies reported breaches that impacted an estimated 143 mn individuals. Over the past year, breaches in the United States affected approximately 353 mn individuals, a 72% increase compared to two years earlier.
Credential misuse was involved in 86% of breaches, with stolen credentials playing a role in about 31% of incidents. Cloud environments were implicated in roughly 82% of breaches.
Healthcare experienced significant challenges, with a steady rise in the number and scale of breaches. In June 2025 alone, 70 healthcare-related breaches affected about 7.61 mn individuals, according to HIPAA Journal.
Healthcare Data Breach

The median monthly breach size reached about 4.7 mn records, and some incidents exposed tens of millions of records.
Internationally, one of the largest breaches involved the exposure of 4 bn records from an unsecured database in China, including data from hundreds of millions of users. Another major breach at a financial institution in Iran affected over 42 mn individuals.
On average, organizations took about 204 days to detect a breach and 73 days to contain it. Those that managed to detect and contain breaches within 200 days reduced costs by around $1 mn per incident.
The data for 2025 reflects increasing frequency and financial impact of breaches, growing risk in cloud and healthcare environments, and ongoing challenges in timely detection and containment.
FAQ
Systemic cyber security events are incidents that expose the risks created by growing technology interdependencies and demonstrate how quickly one event can disrupt many organizations. In 2025, these events highlighted how interconnected supply chains, software providers, and critical infrastructure amplified vulnerabilities across sectors.
Notable incidents included a ransomware attack on a U.S. healthcare payments technology provider, compromising the data of about 190 mn individuals, and a faulty CrowdStrike Cloud software update that crashed over 8.5 mn systems worldwide, affecting airlines, hospitals, and financial services. These events drove a significant rise in cyber insurance claims and underscored the scale of potential disruption.
Despite a 22% increase in claims and a 31% rise in litigation-related claims, the financial impact on insurers was contained thanks to improved program structures, purchasing behavior, and business continuity measures. Competition in the cyber insurance market intensified, with U.S. buyers achieving average premium decreases of 7% in early 2025, and Canadian buyers seeing 15% decreases.
Endpoint security — which includes penetration testing, network environment, and network capacity — scored highest among clients in the U.S. and Canada. In contrast, application security and third-party security remained the lowest-scoring domains, reflecting ongoing challenges in these areas.
Ransomware payments dropped by 77% as organizations implemented stronger security controls and improved business continuity planning. More companies withheld ransom payments and addressed incidents directly. Insurer confidence in underwriting ransomware risk improved as a result.
Certain types of cyber incidents, such as malware and ransomware attacks, carried a 20% chance of escalating into a reputation risk event, compared with 8% for system exploit attacks. On average, network and system attacks caused the most severe impact, reducing shareholder value by about 51%, while unauthorized access and credentials attacks resulted in an average decline of 25%.
In the U.S., settlements exceeding $30 mn were increasingly common due to failures in protecting personal data, while Canada also began shifting toward a more punitive legal environment. In the first half of 2025, about 1,732 publicly reported breaches in the U.S. affected around 165.7 mn individuals. Globally, the average breach cost rose to $4.88 mn, and the healthcare sector continued to face particularly high costs and breach frequencies.
AUTHOR: Brent Rieth – Head of Cyber Solutions (North America), Aon’s Global Cyber Leader, member of Aon’s Cyber Solutions Group, leading its E&O/Cyber brokerage practice for the U.S.
Edited by Oleg Parashchak — CEO & Founder Finance Media Holding









