Some £197m was paid out by insurance companies for recovery from cyber incidents in 2024, according to the UK trade association the ABI (Association of British Insurers).

Data from firms taking part in the ABI’s cyber data collection showed a 230 per cent year-on-year increase in the amount paid out for cyber-attacks, £138m more than in 2023. Malware and ransomware accounted for about half (51pc) of claims. The ABI notes that with cyber threats escalating, demand for protection rose in 2024. Some 17pc more policies were taken out in 2024 than the previous year.

Jonathan Fong, Head of General Insurance Policy at the ABI, said: “Cyber insurance is more than just a financial safety net. The right policy not only supports businesses in the aftermath of an incident but can also help prevent attacks through access to expert advice, threat monitoring, and incident response planning. With cyber threats continuing to grow in scale and sophistication, it needs to be a critical component of every organisation’s modern risk management strategy.”

The ABI pointed out that its figures were from member firms and a sample of the overall UK cyber insurance market.

Comment

Dr Ilia Kolochenko, CEO at ImmuniWeb, and a Fellow at the British Computer Society (BCS), said: “While the numbers are self-explanatory, there is a very interesting and hidden detail here. Many recent reports on ransomware – published by both public and private sector entities – boldly state that companies around the globe pay less and less ransom. In my experience, this is very far from being the truth.