The Association of British Insurers told The Financial Times that claims on cyber insurance policies had surged across a small but fast-growing market. The share of claims linked to malware and ransomware attacks rose to 51 per cent of the total, up from 32 per cent the previous year.
The spike in claims arrived before several headline-grabbing breaches earlier this year, including those at Harrods, Marks and Spencer, and Jaguar Land Rover. The latter wasn’t covered by cyber insurance, which likely made the incident sting even more.
Although the figures don’t represent the whole market, they include most of the UK’s largest insurers, the ABI said.
British Insurance Brokers’ Association chief executive Graeme Trudgill said there had been “a steady and continuous rise in cyber claims frequency” between the first quarter of 2022 and the third quarter of 2025.
Trudgill blamed stolen login credentials flogged on the dark web for many of the breaches. “It does not matter if you are at the top of the supply chain or the bottom; you could be a target,” he said.
Cybersecurity analysts pointed to geopolitical tensions as one reason for the increase in hacking activity, with cyber gangs now targeting major companies and national infrastructure.
Beazley chief underwriting officer Paul Bantick said some hackers were motivated purely by money, while others targeted organisations in specific countries for political reasons. He added that criminals often go after large firms or those running infrastructure, energy, and transport systems to cause maximum economic disruption.
Bantick also warned that crooks had started using artificial intelligence tools to create more advanced and personalised phishing scams, a trend that took off during 2024.
A government report in June found that 45 per cent of UK businesses, and over 60 per cent of small and medium-sized enterprises, had some form of cyber insurance. Even so, many policies come with hefty exclusions, leaving firms exposed to losses from fraudulent transfers or state-backed attacks.
Financial Conduct Authority chief executive Nikhil Rathi said in a speech at the City of London Corporation’s annual dinner that the UK was “potentially massively underinsuring.”
He said: “Globally, a fraction of catastrophe and cyber risks are insured, and when cover is thin, it hits the Treasury. That, along with the impact on livelihoods, drives popular anger.”
Some industry bosses argue that the government should step in to provide a financial backstop for the sector, covering catastrophic events such as state-backed cyber attacks that could cripple infrastructure. They claim that such support would allow insurers to expand coverage without fear of financial ruin if the worst were to happen.