Marsh reports drop in UK cyber claims, but activity remains elevated

Supply chain risks and AI-based breaches still drive significant insurer exposure

By Kenneth Araullo

Cyber insurance claims in the UK declined by 20% in 2024 compared to the previous year, according to a new report from Marsh, the insurance broker and risk advisory firm under Marsh McLennan. Despite the drop, overall claims levels remain around one-third higher than in 2020, 2021 and 2022.

The UK Cyber Insurance Claims Trend Report 2024 is based on data from Marsh UK clients and outlines key patterns in cyber risk and claims activity. The report attributes the 2023 spike in claims to events such as the MOVEit data breach, which led to an increase in ransomware incidents.

Although overall claims decreased in 2024, the third quarter of the year saw a 14% increase over Q3 2023, marking the second-highest level of claims activity since 2020. The uptick was partially driven by the widespread impact of the CrowdStrike software update failure on July 19, 2024.

Ransomware claims declined by 31% compared to 2023 but remained about twice as high as the levels recorded between 2020 and 2022. Marsh linked the decrease to a combination of factors including heightened law enforcement actions, tighter international sanctions, fewer organisations choosing to pay ransoms, earlier detection of attacks, and growing tolerance among victims to being publicly named.

The report also noted that, while the total amount paid in ransomware settlements increased in 2024, negotiations typically resulted in final payments reduced by more than 60% from initial demands.

Helen Nuttall, UK head of cyber incident management at Marsh, said claims levels remained high, with cyber attackers taking advantage of supply chain vulnerabilities, AI-enabled attacks, and several non-malicious incidents to breach systems.

Cyberattacks in the UK

Ransomware and other extortion-based threats were the leading cause of cyber-related insurance claims in the UK last year, accounting for 28% of reported cases. Data breaches made up 17%, while system infiltration incidents – not classified as extortion or data breaches – represented 7%.

Marks & Spencer (M&S) faced a substantial cyberattack over the Easter weekend of 2025, attributed to the hacker group Scattered Spider. The attack disrupted IT systems, including online ordering and payment services, leading to estimated weekly losses of £40 million in sales.

Similarly, the British Library suffered a ransomware attack in October 2023 by the group Rhysida, resulting in the theft and public release of approximately 600GB of data. The institution allocated around £6 million to £7 million from its reserves for recovery, underscoring the financial impact of such cyber incidents.

On a broader scale, a global IT outage in July 2024, linked to a failed software update from CrowdStrike, affected over eight million devices and disrupted various industries. Early estimates suggest that insurance losses from this event could exceed US$1 billion, marking it as one of the most significant cyber insurance losses since the NotPetya attacks in 2017.
