Cyber events now among top global reputation risks for insurers

Damage to Brand or Reputation is now ranked among the top ten risks facing organisations worldwide, posing a significant threat to insurers’ portfolios and investment income.

This was according to Aon’s 2025 Cyber Risk Report, which said cyber events that trigger reputational risks can result in an average 27% drop in shareholder value — underscoring the growing financial stakes tied to reputation. 

"Cyber risk is no longer just a technology

issue — it’s a boardroom issue."

In the 2023 research, the report said that major cyber incidents led to an average 9% decline in shareholder value over the following year. The latest edition expands on that research, analysing “more than 1,400 global cyber events and identifies which types of attacks are most likely to evolve into reputation risk events and which can be the most damaging when they do.”

The changes were reported on and said to have been backed up by other recent reports and studies. “Cyber risk is no longer just a technology issue — it’s a boardroom issue,” said Brent Rieth, Global Cyber Leader at Aon. “This research underscores the importance of proactive risk mitigation. Organisations that invest in preparedness and resilience are far better positioned to avoid the reputational and financial fallout that can follow a cyber event.”

Among the report’s key findings:

• Of the 1,414 cyber events analysed, 56 developed into reputation risk events, which are defined as cyber incidents that attract significant media attention and lead to a measurable decline in share price.
• Companies affected by these reputation risk events experienced an average shareholder value decline of 27%.
•  Malware and Ransomware were the most likely to trigger reputational damage, accounting for 60% of all reputation-related incidents, despite representing only 45% of total cyber events.
• Aon identified five critical drivers of value recovery: preparedness, leadership, swift action, communication, and meaningful change.
  
  

Cyber risks have topped insurance industry concerns for years — and in 2024, they became the number one global risk in the Allianz Risk Barometer. Cyber topping the risks chart was said to highlight the threats from a range of areas for investment teams at insurers, from back-office automation to investing in technology or emerging markets, which could be targeted by criminals or those seeking to cause unrest.

Cyber topped the risk chart for the first time by a clear margin with 36% of responses, which was five percentage points ahead of the next item on the list.

Managing uninsurable risks

The report also highlighted the growing challenge of managing uninsurable risks. While cyber insurance can help transfer some financial exposure, reputation risk remains largely nontransferable, making proactive risk management and crisis response essential. 

"As cyber threats grow more complex and interconnected,

companies need a clearer view of their exposure."

Reputation risk is increasingly influencing strategic decisions and portfolio management in insurance firms. Swiss Re Emerging Risks report, pointed to a range of non-financial threats — including litigation, regulation, and stranded asset concerns — shaping investment risk.

“Financial market exposure to plastics and microplastics is a growing concern for investors due to accelerating regulatory, legal and reputation risks,” it said. “Litigation is mounting, as exemplified by the aforementioned California state lawsuit against ExxonMobil for misleading claims on plastic recyclability, underscoring legal exposure across the plastics value chain.”

Aon pointed out that companies must have access to analytical insights to fully understand and manage reputation risks. “Companies need to ensure they have access to the analytical insights required to develop a full understanding of reputation risks,” it said.

Those companies that can use these levers successfully can help mitigate shareholder value destruction and may even gain a reputation boost. “Our 2023 research found that companies successfully navigated 17 of the 47 studied cyber-attacks, realising an average increase in shareholder value of 18%,” it said. 

For the remaining 30 events, however, shareholder value saw an average 21% drop. The report specified that understanding and mitigating reputation risks can help companies preserve significant value and should be a high-priority investment.

“As cyber threats grow more complex and interconnected, companies need a clearer view of their exposure, stronger alignment between cybersecurity and insurance strategies, and the tools to make better, data-driven decisions,” said Reith. 

Cyber risk is now a direct threat to shareholder value and strategic decision-making. With reputational damage often now increasingly insurable, companies must invest in their response strategy to protect their valuable assets. For insurers, the stakes are especially high, as cyber events can reshape risk profiles, investment strategies, and long-term brand equity.