GB Cyber Insurance Update – H2 2025

January 20, 2026

H2 saw severe cyber BI losses and board focus, yet abundant insurance capacity drove higher limits, lower premiums and fast claims.

Executive Summary

The cyber risk environment in H2 intensified an already turbulent H1, with multiple high-impact cyber business interruption incidents reported in mainstream media. Despite this, abundant cyber insurance capacity meant premiums remained very buyer-friendly.

During H2, unprecedented numbers of clients increased cyber business interruption limits well beyond £100m, either at renewal or mid-term, reflecting a sense of buyer priority. This coincided with the UK Government writing to CEOs and Chairs of leading UK companies, requesting cyber risk be treated as a board-level priority.[1]

Key observations – What you need to know

  • Most financially damaging UK cyber attack on record: Following major H1 cyber attacks on UK retailers, the Jaguar Land Rover incident in late August resulted in estimated losses of £1.9bn.[2]
  • Major cyber claims paid quickly: Marks and Spencer confirmed receipt of £100m of insurance income within months of the April 2025 incident.[3]
  • Cyber Business Interruption vs Property Business Interruption: With cyber events excluded from traditional Property Business Interruption policies, H2 reinforced the need to assess cyber BI limits alongside Property BI limits at board level.
  • As cited in our Bridging the Gap blog post, our claims data found that D&O claims followed a cyber event/incident.
  • AI Trifecta risk: AI Machine Identities now outnumber humans by 80:1. Businesses must treat AI as:
    • a weapon that can attack systems
    • a defender that secures systems
    • a business system that must be secured[4]
  • Abundant market capacity: Cyber market capacity remained very high and continued to grow, sustaining ultra-competitive conditions seen since 2023.
  • Significant pricing reductions: Despite major losses and BI events, clients commonly secured premium reductions during H2 due to sustained insurer competition.
  • Tailored policy coverage: Clients continue to use cyber insurance innovation to tailor coverage, including reflecting increasing reliance on – and risk generated by – AI.[5]

Key Topics – Deeper Dive

2025 cyber incidents

Multiple 2025 events demonstrated that cyber events can bring enterprises to a near standstill. The Jaguar Land Rover (JLR) attack halted UK operations in Halewood and Solihull, with global disruption across Brazil, China, India and Slovakia and losses estimated at £1.9bn.[6]

Operational disruption is industry-agnostic. Following a cyber attack, Co-Op reported £205m of lost sales, with further financial impacts yet to be fully accounted for.[7]

In addition to malicious threats, Amazon Web Services (AWS) suffered a technical failure at its Northern Virginia data centre in October, impacting thousands of businesses across multiple industries.

Key challenges for business leaders

  • To mitigate D&O exposure, boards must treat cyber risk as a strategic priority, with the link between cyber events and D&O claims strengthening
  • Understanding the impact of key business operations being impaired by a cyber incident is the responsibility of the board, not just IT leadership – if these are not understood, strategic level priorities will most likely be unexpectedly impacted
  • IT underpins virtually all business-critical operations, systems and tools (warehouse management, logistics, forecasting, payroll, etc.) – this needs to be reflected in how boards identify and manage risk at an enterprise level, ensuring well-rounded focus and decision-making
  • Cyber has proven to be a catastrophic business risk, prompting direct comparison with Property BI strategies and limits. Shareholders will increasingly scrutinise risk appetite and insurance transfer
  • Material risk flows from third-party technology and supply chains, generating unavoidable residual exposure

Claims – can businesses relax in 2026?

2025 highlighted how difficult it remains to mitigate both the likelihood and severity of cyber incidents. Human behaviour remains a key driver, as shown by CyberArk research:

  • 65% of employees bypass security policies
  • 40% habitually download customer data
  • 1 in 3 can alter sensitive or critical data
  • 72% use AI tools at work, yet 68% lack identity security controls for this technology
  • AI-generated phishing emails are now highly personalised and nearly indistinguishable

Key implications

  • IT leaders cannot fully control employee behaviour or prevent phishing
  • Enterprise risks will remain poorly understood without board-level tone and engagement

Cyber resilience cannot eliminate incidents, just as health & safety cannot prevent all accidents.

Cyber insurance market capacity

During H2, cyber BI capacity continued to rise. As financial impacts of 2025 cyber incidents became clearer, clients reacted quickly to secure higher limits at favourable premium levels.

Looking ahead, the January 2026 reinsurance renewals were favourable for insurers. Capacity is expected to increase for a fourth consecutive year, supporting competitive conditions into H1 2026 and beyond.

Premium levels

During H2, many clients achieved premium reductions of -10% to -40%, driven by strong competition. These outcomes were combined with tailored advice focused on sustainability and client priorities.

In 2026, further reductions are expected, although these may meet resistance after three consecutive years of price declines. Plentiful capacity is expected to continue to drive competition and secure reductions, with clients further increasing cyber BI limits while pricing remains attractive.

Policy coverage – does cyber BI insurance pay?

Global cyber insurer CFC reports a 99.1% claims acceptance rate across its 4,000+ annual claims.

The Marks & Spencer incident demonstrates that even large cyber BI losses can be settled quickly, with £100m paid within months of the April 2025 event.

Swift claims settlement is critical when income is materially curtailed and unexpected costs persist for months or longer.[8]

Reflecting these dynamics, 2025 saw unprecedented growth in new cyber insurance buyers. In the UK corporate segment, volumes were over 60% higher than two years ago. Many of our clients increased limits by 50-100%, with further increases already planned for early 2026. This reflects a more holistic approach to Business Interruption risk, regardless of whether the trigger is physical damage or a cyber event.

References

  1. Correspondence: Ministerial letter on cyber security. Updated 14 October 2025.
  2. Cyber Monitoring Centre Statement on the Jaguar Land Rover Cyber Incident – October 2025.
  3. Half Year Results For The 26 Weeks Ended 27 September 2025.
  4. Secure every identity. Power every possibility.
  5. Retail cyberattacks: How to better protect your business and boost cyber resilience.
  6. Biggest Cyber Attacks of 2025 & Their Impact on Global Cybersecurity.
  7. Co-op says cyber-attack cost it £206m in lost sales.
  8. Why the cyber claims service is key when picking a policy.
