UK insurers paid out at least £197 million in cyber-insurance claims in 2024 — more than triple the £60 million recorded in 2023, according to data released by the Association of British Insurers. The figures point to an acceleration in the cost of digital breaches, from ransomware attacks to data theft, across all sectors of the UK economy.
The ABI said the jump in payouts reflected a combination of greater awareness of cyber risks, higher levels of coverage, and more complex incidents leading to larger claims. It marks the sharpest year-on-year rise in cyber-insurance activity since the trade body began tracking the data. The organisation described cyber risk as an increasingly costly and sophisticated challenge for companies, adding that insurance “plays a key role in helping businesses recover”.
Research from the broker Marsh offered a contrasting view of overall claims frequency. Its UK Cyber Insurance Claims Report 2024 found that the total number of claims fell by around 20 per cent compared with 2023, following a spike the previous year. However, Marsh noted that the average size of individual claims increased significantly, keeping overall costs at a high level. The report said UK cyber claims decreased by 20 per cent in 2024 but remained around one-third higher than in 2020, 2021 and 2022.
The differing figures highlight the fragmented nature of cyber-insurance reporting in the UK, where coverage levels and definitions of a cyber incident vary between providers. Nonetheless, both indicators confirm a sustained rise in losses linked to digital disruption. Analysts warn that the surge in payouts could drive tighter underwriting conditions and higher premiums in 2025. Insurers are expected to scrutinise clients’ cybersecurity measures more closely, particularly in sectors with large volumes of sensitive data or complex supply chains.
Small and mid-sized businesses remain a concern. Government data shows that only around 43 per cent of UK companies have any form of cyber-insurance protection, leaving most without financial cover for incidents that can cause significant operational downtime and reputational damage. The rise in claims is expected to reinforce cyber risk as a board-level issue. As incidents grow in cost and frequency, directors are under pressure to integrate cybersecurity into enterprise-wide risk management frameworks rather than treating it as a technology problem.
For insurers, the challenge will be to balance sustainable premiums with realistic coverage, particularly as threat actors adopt more advanced methods and attack automation becomes more common. The ABI said insurance should be viewed as part of a broader resilience strategy, not a substitute for strong security practice.
