Aon’s 2025 Global Cyber Risk Report highlights a 22% rise in cyber incident frequency in 2024 alongside a significant 77% decline in average ransomware payouts, emphasizing improved cyber preparedness and insurance market stability. The report underscores evolving threats, systemic risks, the impact on key industries, and the buyer-friendly cyber insurance environment enhanced by advanced controls and broader coverage. #Ransomware #CyberInsurance #CrowdStrike #ChangeHealthcare
Keypoints
- The report typically opens with an Executive Welcome, setting the context of the past year’s cyber events and the unique global data analysis approach, followed by detailed sections covering ransomware trends, insurance market dynamics, cyber risk controls, sector-specific challenges, and regional cyber maturity.
- Key statistics include a 22% increase in cyber incident frequency in 2024, a 77% decrease in average ransomware payments, and a 31% rise in cyber-related claims showing more frequent but less costly payouts.
- Ransomware remained prevalent, with incidents climbing 24%, though payment severity declined, supported by stronger cyber defenses and multi-factor authentication adoption.
- Significant systemic incidents, such as the Change Healthcare attack affecting 190 million people and the CrowdStrike outage impacting millions of systems globally, illustrate complex interdependencies and third-party risks.
- The cyber insurance market experienced a 7% premium decline entering 2025, maintaining a buyer-friendly environment with ample capacity, broader coverage, and increased limits for insured entities with robust security controls.
- Mid-sized organizations ($100 million to $2 billion revenue) reported the most cyber claims, reflecting underinsurance and cyber readiness gaps in this segment.
- Insurance carriers shifted to holistic cyber risk resilience assessments, emphasizing privacy-oriented and third-party controls influenced by heightened regulatory scrutiny and evolving class action lawsuits.
- Advanced modeling and analytic tools, such as Aon’s Cyber Risk Analyzer, help organizations and insurers quantify systemic and third-party cyber risks for better decision-making and risk transfer strategies.
- Operational Technology (OT) security saw a 7% improvement in key red flag controls, including segmentation, endpoint detection, and MFA for OT remote access.
- Recommended actions focus on strengthening cyber preparedness through data-driven risk posture analysis, enhancing privacy and third-party security, embracing incident response planning, and collaborating with brokers to optimize insurance coverage aligned with evolving risks.
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)