Assured Reacts: UK Cyber Insurance Claims Tripled in 2024 According to the ABI

Assured’s Head of Broking Reacts:

That £197m figure seems low, which is indicative of the reality that many businesses remain uninsured.

It’s also worth considering that the coverage limits businesses are purchasing are often insufficient. If you look at the M&S incident, their loss was significantly over £300m, but they’d only purchased £100m of cover. The statistics presented by the ABI refer to the payouts, not the level of loss.

The ongoing impact of some of these cyberattacks, from both a reputational and operational perspective, extends far beyond the policy period. So, where insurers are paying out the full amount that they’re insuring their client for, the loss sometimes exceeds the limit of liability if the cover didn’t reflect the potential risk. So this data is representative of the claims that have been paid out, but not representative of the sheer size of cyber risk. What it’s telling us is that businesses are still underinsured and should consider purchasing more coverage.

We’ve recently seen more insurer capacity entering the market, with three new entrants emerging within a month. High-profile incidents have sharpened the minds of boardroom executives and accelerated the uptake of interest in cyber insurance. We anticipate that the trend of increased cyber insurance payouts, as presented in the ABI data, will continue.

We are currently firmly in the buyer comfort of a soft market: rates are low and coverage is broadening as insurers compete fiercely for new business. These conditions are unsustainable, and from experience we know that widespread incidents (hello, 2025!) and coverage creep (when insurers broaden coverage terms to win business) will likely trigger a hardening of the market.