Ransomware up, rates down: Aon

Ransomware incidents increased 24% versus 2023, but despite the increased frequency of incidents, ransomware payment severity for Aon PLC broking clients declined, with average reported payment amounts down 77%, according to a report Tuesday from the broker.

Midsized organizations with $100 million to $2 billion of annual revenue filed more claims than any other group, representing 52% of all matters.

“Aon analysts observed underinsurance and a lack of basic cyber readiness plans exposed mid-market organizations to significant risk” the report said. Conversely, the report also noted the value of a response plan, revealing that such plans enable organizations to reduce the cost of a breach by an average of almost $500,000, emphasizing “the effectiveness of these strategies.”

With incidents up but payments down, the cyber risk insurance market remains buyer-friendly, Aon said.

Cyber insurance pricing ended first-quarter 2025 with a 7% decline after 10 straight quarters of pricing decreases.

“Broader coverage and increased limits are now available in most markets for risks with responsive cyber security controls,” according to the broker.

One challenge highlighted by the report is the potential for a cyber incident to cause a business “reputational damage,” which can impact its finances.

Of the 1,414 cyber events analyzed, 56 developed into reputation risk events, which are defined as cyber incidents that attract significant media attention and lead to a measurable decline in share price.

Companies affected by these reputation risk events experienced an average shareholder value decline of 27%, the Aon report said.