Cyber claims are trending downward, according to analysis of claims submitted by clients of broker and risk advisory, Marsh UK. Claims fell by around 20% in 2024 following a spike in 2023 but remained approximately one-third higher than 2020, 2021 and 2022, according to the company’s UK Cyber Insurance Claims Trend Report 2024.

Published today, the report shows that Q3 2024 saw the second highest level of activity recorded since 2020, rising 14% on Q3 2023 – partially due to the global outage caused by the CrowdStrike software update in July 2024.

Commenting on the numbers, Helen Nuttall, UK head of cyber incident management, Marsh, said: “UK cyber insurance claims remain consistently high as cyber attackers increasingly exploit supply chains, AI-enabled intrusions, and several widespread non-malicious events to breach cyber defences. These figures underline the persistent nature of the threat, particularly as claims activity stemmed from numerous small events rather than any single systemic event in the UK.”

According to the report, while ransomware claims in 2024 declined by 31% on 2023 – marked by a sharp increase in the wake of the MOVEit data breach – it remained approximately double the totals recorded for 2020, 2021, and 2022.

Marsh attributes the decline in UK ransomware claims to the increase in law enforcement activity, stricter global sanctions relating to cyber crime, and a fall in the number of organisations opting to pay ransoms when targeted. Improved cyber security measures, earlier detection of threat actors prior to encryption, and organisations being less concerned about being publicly identified as ransomware victims were also contributory factors.

Although the amounts paid by UK ransomware victims continued to rise in 2024, extortion negotiations involving ransomware experts remained generally effective, often resulting in reductions of over 60% from the initial demands to the final payment, Marsh said.

Extortion – including ransomware – was the primary cause of cyber losses accounting for 28% of claims, followed by data breaches – including both hostile and accidental external breaches, but excluding extortion – at 17%, and system infiltration (excluding extortion and data breach) at 7%.

---