27% of SMBs lack cyber insurance.

41% of organizations cited Privileged Access Management as the top differentiator in how underwriters viewed their insurability.

70% of organizations reported an increase in their insurance costs in the past year.

45% of organizations reported that their cyber insurance policy could be voided if required security controls were not in place.

72% of organizations filed a cyber insurance claim in the past year, marking a 10-point increase from 2024.

46% of organizations that filed claims reported that the incident triggering their claim was either identity-related or caused by a privileged account compromise.

97% of organizations indicated that identity-related controls influence their cyber insurance premiums or coverage terms in some way.

86% of organizations reported that their insurers offered premium reductions or credits for their use of AI in security controls.

64% of organizations that experienced a decrease in overall cyber insurance costs in the past year credited AI adoption as a key factor.

51% of organizations were required to adopt an insurer’s preferred security solution or appliance to secure coverage.

Only 33% of cyber insurance policies cover lost revenue, and 45% cover ransomware negotiations or payment.

In 2024, there was a 17% increase in the number of cyber insurance policies taken out by UK businesses compared to the previous year.

Malware and ransomware accounted for 51% of all cyber insurance claims in 2024, up from 32% in 2023.

There was a 230% year-on-year increase in the amount paid out to support UK businesses with cyber-attacks in 2024, amounting to £138 million more than in 2023.

In 2024, £197 million was paid out to UK businesses to help them recover from cyber incidents.

The percentage of companies constantly re-evaluating tools to improve cyber insurance premiums dropped from 68% in 2024 to 40% in 2025.

CISO confusion about cyber insurance policy coverage for supply-chain attacks decreased from 58% in 2024 to 43% in 2025.

Vendor-driven cyber insurance claims notifications fell from 37% to 26% of all claims, representing a 30% drop.

In 17.0% of cases since 2019, breaches were first reported by external parties.

Between 2019 and 2023, other sectors experienced large losses primarily from ransomware (53.1%), followed by data breaches (25.0%) and other causes (21.9%).