Stay informed with free updates
Simply sign up to the Cyber Security myFT Digest — delivered directly to your inbox.
Insurers paid out at least £197mn in cyber claims in 2024, more than triple the £60mn paid the previous year, new data shows, as a rise in attacks by cyber gangs hit British businesses.
Companies surveyed by the Association of British Insurers reported sharp rises in claims on cyber insurance policies, a small but fast-growing market, with the share of claims stemming from malware and ransomware attacks rising to 51 per cent of the total, up from 32 per cent of claims the previous year.
The rise in claims came before a string of high-profile attacks earlier this year on large retailers such as Harrods and Marks and Spencer, and on manufacturer Jaguar Land Rover, which was not covered by cyber insurance.
While the sample does not represent all of the UK market, it includes most of the biggest UK insurers, the ABI said.
“Between the first quarter of 2022 and the third quarter of 2025, there has been a steady and continuous rise in [cyber] claims frequency,” said Graeme Trudgill, chief executive of the British Insurance Brokers’ Association.
Login and password credentials sold on the dark web were a key way businesses were being compromised, Trudgill added. “It does not matter if you are at the top of the supply chain or the bottom — you could be a target.”
Attacks have risen in recent years due to heightened geopolitical tensions, cyber security analysts said, as hacking gangs have targeted high-profile companies and infrastructure.
“Some [cyber criminals] go in for the money . . . but they will target organisations in certain countries based on geopolitics,” said Paul Bantick, chief underwriting officer of FTSE 100 insurer Beazley.
Hackers tended to target large and high-profile companies, infrastructure, energy and railway systems, he added, in order to disrupt the economy more broadly.
Criminals had also used artificial intelligence software to design more sophisticated and individually targeted phishing campaigns, Bantick added, a trend that he said took off in 2024.
A government survey published in June found that 45 per cent of UK businesses, and more than 60 per cent of small- and medium-sized companies, had some form of cyber insurance.
However, many cyber insurance products on offer have broad gaps or exclusions that mean businesses are not insured for incidents such as loss of funds due to money transfers, and state-backed attacks.
Industry executives and regulators including Nikhil Rathi, chief executive of the Financial Conduct Authority, have argued that recent incidents point to the need for businesses to purchase more cover.
“We are potentially massively underinsuring,” Rathi said last month in a speech to the City of London Corporation’s annual City dinner, noting the attack on JLR.
Rathi said: “Globally, a fraction of catastrophe and cyber risks are insured . . . and when cover is thin, it hits the [Treasury]. That, along with the impact on livelihoods, drives popular anger.”
Some insurance industry bosses have argued that the government should backstop the market for cyber insurance by offering to cover the biggest losses — such as state-backed cyber attacks that could lead to systemic outages — in order to encourage private insurers to extend the scope of cyber cover.