Introduction
In 2024 [1] [2] [4] [5] [6] [7], UK companies experienced notable shifts in cyber insurance claims, particularly for ransomware, following a tumultuous 2023. Claims declined significantly in 2024, yet the overall threat landscape remained complex and evolving, with various factors influencing the dynamics of cyber incidents.
Description
In 2024 [1] [2] [4] [5] [6] [7], UK companies experienced a 20% decline in cyber insurance claims following a spike in 2023, although overall claims remained approximately one-third higher than the levels recorded in 2020, 2021 [1] [2], and 2022 [1] [2] [4] [5] [6] [7]. Ransomware claims specifically saw a significant 31% reduction from the previous year, following a surge triggered by the MOVEit data breach. Despite this decline [4] [7], ransomware claims in 2024 were still about double the totals from the preceding three years [4], with ransomware now present in 44% of breaches [3], marking a 37% annual increase [3]. Small and medium-sized businesses (SMBs) were particularly affected [3], with ransomware appearing in 88% of breaches within this segment [3]. Interestingly, while the number of ransomware victims decreased, the total amounts paid by those who engaged with threat actors continued to rise, with negotiations involving ransomware experts often resulting in reductions of over 60% from initial ransom demands [4].
In the first quarter of 2024 [7], however, ransomware claims more than doubled compared to the same quarter in 2023 [7], indicating a complex and evolving threat landscape. By the fourth quarter of 2024 [7], ransomware claims had fallen 65% compared to the same period in 2023, yet there were indications that ransomware claims could rise in January 2025 [7]. Factors contributing to the overall decline in ransomware claims included increased law enforcement activity [4] [5], stricter international sanctions on cybercrime [4] [5], a reduced willingness among organizations to pay ransoms [2], enhanced cybersecurity measures [4] [5], earlier threat detection [2] [4] [5], and a growing acceptance among victims of being publicly identified as ransomware targets [2].
In 2024 [1] [2] [4] [5] [6] [7], extortion [4] [5] [7], including ransomware [2] [4] [5] [6] [7], accounted for 28% of total cyber claims [4] [5], while data breaches—both accidental and hostile—constituted 17% [7], and system infiltration made up 7% [4] [7]. Breaches involving vulnerability exploitation as an initial access vector increased by 34% annually [3], driven by a rise in zero-day attacks targeting perimeter devices and VPNs [3]. Employees remained a significant source of security risk [3], involved in 60% of breaches [3], with credential abuse by third parties and phishing being the most common issues [3]. The ongoing threat landscape remains complex, with cyber attackers increasingly exploiting supply chains, utilizing AI-enabled intrusions [5], and taking advantage of various non-malicious events.
A significant incident in this context involved the British Library, which suffered a ransomware attack in October 2023 by the group Rhysida [2], resulting in the theft and public release of approximately 600GB of data [2]. The library allocated around £6 million to £7 million from its reserves for recovery [2], underscoring the substantial financial impact of such cyber incidents [2]. The median time to fully remediate vulnerabilities was reported at 38 days, while mass exploitation took just five days [3], highlighting the urgency of addressing these threats.
Conclusion
The cyber threat landscape in 2024 demonstrated both progress and ongoing challenges. While there was a notable decline in ransomware claims, the persistent threat of cyber incidents necessitates continued vigilance and adaptation. Enhanced law enforcement efforts, international sanctions [2], and improved cybersecurity measures have contributed to mitigating risks. However, the evolving nature of cyber threats, including the potential resurgence of ransomware claims, underscores the need for organizations to remain proactive in their cybersecurity strategies. The financial and operational impacts of incidents like the British Library attack highlight the critical importance of robust defenses and rapid response capabilities in safeguarding against future threats.
References
[1] https://www.postonline.co.uk/claims/7957700/cyber-claims-decrease-following-2023-spike
[2] https://www.insurancebusinessmag.com/uk/news/cyber/marsh-reports-drop-in-uk-cyber-claims-but-activity-remains-elevated-534786.aspx
[3] https://assured.co.uk/2025/five-ciso-takeaways-from-verizons-dbir/
[4] https://cirmagazine.com/cir/c2025050701.php
[5] https://www.marsh.com/en-gb/about/media/uk-cyber-insurance-claims-2024.html
[6] https://www.infosecurity-magazine.com/news/uk-cyberinsurance-claims-second/
[7] https://www.tradingview.com/news/reuters.com,2025:newsml_L6N3RF0GS:0-marsh-uk-cyber-insurance-claims-dropped-by-20-in-2024/