Cyber-Insurance Payouts Soar 230% in UK

The UK’s cyber insurance sector paid £197m ($258m) to policyholders last year, 230% more than the previous 12 months, according to new data from the ABI.

The industry body calculated the figures from responses to its cyber data collection study, which revealed that insurers paid out £138m ($181m) more last year than in 2023. However, they also issued 17% more policies over the period.

Malware and ransomware accounted for around half (51%) of all claims, up from 32% in 2023.

The ABI claimed that more sophisticated threats are causing more damage, leading to bigger payouts.

“Cyber insurance is more than just a financial safety net. The right policy not only supports businesses in the aftermath of an incident but can also help prevent attacks through access to expert advice, threat monitoring, and incident response planning,” argued Jonathan Fong, Head of General Insurance Policy at the ABI.

“With cyber-threats continuing to grow in scale and sophistication, it needs to be a critical component of every organization’s modern risk management strategy.” 

The insurance sector has often been blamed for an explosion in ransomware attacks over recent years. The argument goes that because threat actors know victim organizations will be compensated for attacks, they continue to target them.

Insurers Demand Resilience

However, efforts have been made to tighten requirements for policyholders, meaning that a baseline of security best practice is typically now required to get coverage.

A July 2024 report from broker Howden claimed that cyber insurance premiums experienced “double-digit price reductions” over the previous year despite a surge in attacks, as organizations adopted “robust risk controls.”

A proposed government ban on ransom payments for public sector and critical infrastructure organizations could lead insurers to increase their requirements in this area, in order to ensure policyholders are more resilient to attacks.

“It’s ironic that cyber insurance has become a viable solution,” argued Ridge Security Technology president, Lydia Zhang.

“Without thorough security testing or a widely accepted industry standard established before setting cyber insurance terms, it opens the door to hackers who can then target organizations with the highest coverage.”

Ilia Kolochenko, CEO at ImmuniWeb, and a fellow at the British Computer Society (BCS), added that some ransomware groups even provide advice for victims on how to avoid mandatory disclosure requirements and payment bans.

“Illicit payments relentlessly and progressively flow into the deep pockets of organized cybercrime, while victims are getting more and more reluctant to report incidents for various reasons,” he argued.

“In many cases, paying a ransom is the only feasible way to continue business operations and avoid bankruptcy.”

The ABI report chimes somewhat with a Marsh study from May, which claimed that UK companies filed more cyber insurance claims last year than in any other year bar 2023.
