Insurers paid out £197 million in cyber claims to UK businesses in 2024, marking a 230% increase from the previous year, according to data released by the Association of British Insurers (ABI) on Monday.
The figure represents a rise of £138 million compared with 2023, with malware and ransomware accounting for 51% of all claims. The proportion of claims from these attacks increased from 32% in 2023, underscoring the growing impact of sophisticated digital threats on British businesses.
Demand for cyber insurance also rose alongside the escalating threat, with policies taken out in 2024 increasing 17% year on year. The data, collected from participating ABI member firms, represents a sample of the UK cyber insurance market.
“Cyber insurance is more than just a financial safety net,” said Jonathan Fong, head of general insurance policy at the ABI. “The right policy not only supports businesses in the aftermath of an incident but can also help prevent attacks through access to expert advice, threat monitoring, and incident response planning. With cyber threats continuing to grow in scale and sophistication, it needs to be a critical component of every organisation’s modern risk management strategy.”
The ABI urged that cyber insurance should form part of every organisation’s risk management framework as businesses face increasingly complex digital threats.
Anton Yunussov, director and head of cyber security at Forvis Mazars, said the data reflected patterns observed in the field, with ransomware, phishing, and supply chain attacks becoming more targeted.
“Ransomware, phishing, and supply chain attacks are becoming more targeted, often fuelled by AI-generated campaigns that are far harder to detect,” Yunussov said. “Cybersecurity can no longer be viewed as a technology or compliance issue – it’s a strategic business risk that affects every part of an organisation.”
Yunussov stressed that the financial impact extends beyond direct costs to include reputational damage and operational disruption.
“British companies must take a proactive approach: regularly assess risks, strengthen third-party oversight, and embed a ‘security-first’ culture through training and accountability,” he said. “Cyberattacks are now an ongoing and inevitable threat to UK businesses. Those that treat cybersecurity as a core strategic priority by investing in prevention, response, and recovery will be far better positioned to withstand the next wave of attacks.”
The figures were not extrapolated to market totals, according to the ABI.
