Uninsured firms incur 69% higher cyber incident costs

The direct cost of a cyber incident increased by 11% in 2023 to an average of £1.3m, with this cost rising to an average £2.1m for organisations without cyber insurance. This is amongst the findings of research carried out by global corporate intelligence and cyber security consultancy, S-RM.

S-RM’s research shows large organisations in particular should consider investing in cyber cover, with 30% of companies with a revenue between £394m and £800m experiencing a ransomware attack in 2023, compared with 40% of larger companies with a revenue between £7.9bn and £20bn.

Organisations surveyed for the firm’s annual Cyber Security Insights Report reported that the top three factors contributing to growing cyber incident costs are increased insurance premiums (37%), operational downtime (36%) and recovery and response costs (32%).

The risk is higher amongst larger organisations due to their broader operational footprints and the greater volumes of sensitive data they hold – something that government agencies would do well to consider following recent revelations around their attitudes to cover.

Jamie Smith, board director and head of cyber security at S-RM, commented: “It almost goes without saying that the larger the organisation, the bigger the target it has on its back. However, most of these sizeable companies will have much more expansive budgets that they could and should, be putting towards cyber security. Paying a regulatory fine, facing increased premiums, or recovering from downtime all carry a far higher cost than ensuring you have adequate cyber budget allocated.”

Paul Caron, head of cyber security, Americas, at S-RM, added: “For many companies and organisations, cyber insurance has far exceeded being just a ‘nice to have’ and our most recent data shows exactly why it is so essential to be properly insured against cyber incidents and data breaches. Premiums may be rising, but without adequate insurance the regulatory, reputational and downtime risks are far higher – businesses must take note.”

The Cyber Security Insights Report was conducted with input from 600 senior C suite and IT budget holders from organisations with a revenue of over £395m across the UK and the US in September 2023.

Share Story:


Deborah Ritchie speaks to Chief Inspector Tracy Mortimer of the Specialist Operations Planning Unit in Greater Manchester Police's Civil Contingencies and Resilience Unit; Inspector Darren Spurgeon, AtHoc lead at Greater Manchester Police; and Chris Ullah, Solutions Expert at BlackBerry AtHoc, and himself a former Police Superintendent. For more information click here

Modelling and measuring transition and physical risks
CIR's editor, Deborah Ritchie speaks with Giorgio Baldasarri, global head of the Analytical Innovation & Development Group at S&P Global Market Intelligence; and James McMahon, CEO of The Climate Service, a S&P Global company. April 2023