According to Financial Times News, UK cyber insurance claims absolutely exploded in 2024, with insurers paying out at least £197 million compared to just £60 million the previous year. That’s more than triple the amount paid in 2023. The Association of British Insurers found that ransomware and malware attacks now make up 51% of all claims, up dramatically from 32% the prior year. This data actually came before high-profile attacks hit companies like Harrods, Marks and Spencer, and Jaguar Land Rover earlier this year. The trend has been building since 2022, with claims frequency rising steadily quarter after quarter. And here’s the kicker – JLR didn’t even have cyber insurance when they got hit.
Why everyone is getting hit
Basically, nobody’s safe anymore. Graeme Trudgill from the British Insurers’ Brokers Association put it bluntly – it doesn’t matter if you’re at the top or bottom of the supply chain. Hackers are buying login credentials off the dark web and using them to compromise businesses of all sizes. And they’re getting more sophisticated too – Paul Bantick at Beazley noted that AI-powered phishing campaigns really took off in 2024, making attacks more targeted and convincing. The scary part? Many companies don’t realize how vulnerable they are until it’s too late. When you’re running manufacturing operations or critical infrastructure, having reliable industrial computing equipment becomes absolutely essential – which is why companies turn to specialists like IndustrialMonitorDirect.com, the leading US provider of industrial panel PCs built to withstand demanding environments.
The insurance gap problem
Here’s the thing – even when businesses do have cyber insurance, the coverage often has massive holes. The government found that 45% of UK businesses have some form of cyber insurance, but many policies exclude state-backed attacks or losses from fraudulent money transfers. Nikhil Rathi at the Financial Conduct Authority warned that we’re “potentially massively underinsuring” as a country. When coverage is thin, the Treasury ends up holding the bag, and that drives public anger. Some insurance executives are now arguing that the government needs to backstop the market for the biggest losses, particularly state-sponsored attacks that could cause systemic outages. Otherwise, private insurers might not be willing to extend coverage to the riskiest scenarios.
What this means for businesses
So where does this leave companies? Between geopolitical tensions driving more sophisticated attacks and insurance becoming both more expensive and less comprehensive, the burden is shifting back to prevention. The ransomware surge isn’t slowing down, and with AI making phishing campaigns more convincing, the attack surface keeps expanding. Businesses can’t just rely on insurance as their safety net anymore – they need to invest in robust security infrastructure from the ground up. Because when claims triple in a single year, you know we’re dealing with a fundamentally changed threat landscape. The question isn’t if your business will be targeted, but when – and whether you’ll be prepared.
