27% of SMBs lack cyber insurance.

70% of organizations reported an increase in their insurance costs in the past year.

45% of organizations reported that their cyber insurance policy could be voided if required security controls were not in place.

72% of organizations filed a cyber insurance claim in the past year, marking a 10-point increase from 2024.

97% of organizations indicated that identity-related controls influence their cyber insurance premiums or coverage terms in some way.

86% of organizations reported that their insurers offered premium reductions or credits for their use of AI in security controls.

64% of organizations that experienced a decrease in overall cyber insurance costs in the past year credited AI adoption as a key factor.

46% of organizations that filed claims reported that the incident triggering their claim was either identity-related or caused by a privileged account compromise.

41% of organizations cited Privileged Access Management as the top differentiator in how underwriters viewed their insurability.

Only 33% of cyber insurance policies cover lost revenue, and 45% cover ransomware negotiations or payment.

51% of organizations were required to adopt an insurer’s preferred security solution or appliance to secure coverage.

There was a 230% year-on-year increase in the amount paid out to support UK businesses with cyber-attacks in 2024, amounting to £138 million more than in 2023.

In 2024, £197 million was paid out to UK businesses to help them recover from cyber incidents.

Malware and ransomware accounted for 51% of all cyber insurance claims in 2024, up from 32% in 2023.

In 2024, there was a 17% increase in the number of cyber insurance policies taken out by UK businesses compared to the previous year.

CISO confusion about cyber insurance policy coverage for supply-chain attacks decreased from 58% in 2024 to 43% in 2025.

The percentage of companies constantly re-evaluating tools to improve cyber insurance premiums dropped from 68% in 2024 to 40% in 2025.

Healthcare, retail, and manufacturing remained the most targeted sectors.

In 17.0% of cases since 2019, breaches were first reported by external parties.

Data recovery was triggered as the main driver of loss in 1.3% of claims, triggered with some loss impact in 17.5%, triggered with no loss impact known in 5.0%, and not triggered in 76.2%.