The UK’s cyber insurance industry faced a dramatic surge in claims in 2024, as payouts more than tripled to £197 million from £60 million the previous year, according to new data from the Association of British Insurers (ABI). The sharp rise reflects a growing wave of cyberattacks that have hit British companies across sectors, from retail to manufacturing, with increasingly sophisticated and costly incidents.
Rising Cyber Threats Across UK Businesses
The ABI’s data — based on reports from leading UK insurers — shows that cyber claims frequency has grown steadily since 2022, reaching unprecedented levels by late 2024.
Malware and ransomware incidents accounted for 51% of all cyber claims, up from 32% a year earlier. These attacks typically involve hackers encrypting company data and demanding payment for its release, often causing significant operational disruption and financial loss.
“The rise has been continuous and consistent since 2022,” said Graeme Trudgill, chief executive of the British Insurance Brokers’ Association (BIBA). “Login and password credentials traded on the dark web are one of the main entry points for criminals. It doesn’t matter where a company sits in the supply chain — anyone can be a target.”
High-Profile Breaches and Business Impact
The data predates several major cyber incidents that hit prominent British firms in early 2025. High-end retailers Harrods and Marks & Spencer, along with carmaker Jaguar Land Rover (JLR), were among the victims of disruptive cyberattacks. Notably, JLR had no cyber insurance coverage, a gap that exposed the company to heavy losses.
Analysts say heightened geopolitical tensions have contributed to the increase in attacks. Cybercriminal groups, some with state affiliations, have shifted their focus toward critical infrastructure and high-value corporations.
“Some groups are financially motivated, but others choose targets based on geopolitical agendas,” explained Paul Bantick, chief underwriting officer at Beazley, a leading FTSE 100 insurer. “We’re seeing attacks aimed at energy networks, rail systems, and other critical industries to maximize economic disruption.”
Artificial Intelligence: A New Tool for Cybercrime
A defining feature of 2024’s cybercrime surge was the use of artificial intelligence by hackers. AI tools have been leveraged to craft highly personalized phishing campaigns — deceptive emails or messages designed to steal data or infiltrate networks.
“These attacks are becoming more convincing and harder to detect,” Bantick said, adding that AI’s integration into cybercrime “took off” last year.
Insurance Coverage Gaps and Industry Warnings
Despite the spike in attacks, many UK companies remain underinsured. A government survey in June 2024 revealed that 45% of all UK businesses, and over 60% of small- and medium-sized enterprises (SMEs), hold some form of cyber insurance. However, experts warn that coverage gaps remain significant.
Typical exclusions include:
- Loss of funds due to fraudulent transfers.
- State-sponsored or politically motivated cyberattacks.
This leaves many businesses vulnerable to massive financial exposure.
Nikhil Rathi, chief executive of the Financial Conduct Authority (FCA), emphasized the risk of underinsurance. “Globally, only a fraction of catastrophe and cyber risks are insured,” he said. “When cover is thin, the costs fall on the Treasury — and the impact on livelihoods fuels public frustration.”
Calls for Government Support and Market Reform
Insurance executives are now urging the government to consider a public backstop for catastrophic cyber risks, similar to terrorism reinsurance schemes. Such a measure would enable private insurers to expand coverage, particularly against state-backed attacks or systemic cyber events that could destabilize the economy.
Industry leaders argue that without government support, insurers will continue to limit exposure, leaving businesses — and ultimately taxpayers — to absorb the fallout of large-scale cyber incidents.
A Growing and Evolving Market
While the UK’s cyber insurance market remains relatively small compared to traditional lines, it is expanding rapidly in response to escalating digital threats.
“The UK market is evolving quickly, but the risks are evolving even faster,” said Trudgill. “Companies must now view cyber resilience not as an IT issue, but as a fundamental part of business continuity.”
As 2025 unfolds, both insurers and regulators are racing to close the coverage gap before the next wave of AI-powered cyberattacks tests the system once again.
