Aon has released its 2025 Cyber Risk Report, highlighting the financial impact of cyber events that escalate into reputation-related incidents.
According to the report, companies that experienced such events saw an average 27% drop in shareholder value.
The findings build upon Aon’s 2023 research, which showed an average 9% shareholder value decline following major cyber incidents. The latest report analyzed over 1,400 global cyber events to identify the types of attacks that are more likely to generate reputational consequences and the degree of financial impact when they do.
Out of the 1,414 events reviewed, 56 were classified as reputation risk events, which are defined as cyber incidents that attracted substantial media attention and were followed by a measurable drop in share price. Companies affected by these events experienced an average decline in shareholder value of 27%.
Malware and ransomware attacks were found to be the most likely to result in reputational effects, making up 60% of reputation-related incidents despite representing 45% of total cyber events analyzed.
The report outlines five areas that contribute to value recovery following a cyber event, namely, preparedness, leadership, swift response, communication and change management. These factors were associated with stronger recovery outcomes and reduced long-term impact.
Aon’s analysis also addresses the challenge of insuring reputational risk. While cyber insurance can provide financial protection for certain losses, such as data breaches and operational disruptions, reputational damage is generally not covered. The report notes that organisations with integrated cyber risk strategies, including crisis management planning, tend to be in a stronger position to manage both the immediate and longer-term effects of cyber events.
Brent Rieth, global cyber leader at Aon, said that cyber risk has become a strategic concern and that proactive preparation is necessary to manage both operational and reputational outcomes.
The report uses proprietary data from Aon’s Cyber Quotient Evaluation platform, which supports cyber insurance submissions and offers insight into organisational exposure and readiness.
