The findings build on Aon's 2023 research, which showed that major cyber incidents led to an average 9 percent decline in shareholder value over the following year. This year's report goes further, analyzing more than 1,400 global cyber events and identifying which types of attacks are most likely to evolve into reputation risk events and which can be the most damaging when they do.
"Cyber risk is no longer just a technology issue — it's a boardroom issue," said Brent Rieth, global cyber leader at Aon. "Our latest research underscores the importance of proactive risk mitigation. Organizations that invest in preparedness and resilience are far better positioned to avoid the reputational and financial fallout that can follow a cyber event."
Among the report's key findings:
• Of the 1,414 cyber events analysed, 56 developed into reputation risk events, which are defined as cyber incidents that attract significant media attention and lead to a measurable decline in share price.
• Companies affected by these reputation risk events experienced an average shareholder value decline of 27 percent.
• Malware and Ransomware attacks were the most likely to trigger reputational damage, accounting for 60 percent of all reputation risk events, despite making up only 45 percent of total cyber incidents.
• Five drivers of value recovery — preparedness, leadership, swift action, communication and change — were identified as critical levers for mitigating reputational fallout.
The report also highlights the growing challenge of managing uninsurable risks. While cyber insurance can help transfer some financial exposure, reputation risk remains largely nontransferable, making proactive risk management and crisis response essential.
"As cyber threats grow more complex and interconnected, companies need a clearer view of their exposure, stronger alignment between cybersecurity and insurance strategies, and the tools to make better, data-driven decisions. Aon is uniquely positioned to support clients through these challenges," added Rieth.
Aon's 2025 Cyber Risk Report draws on proprietary data from the firm's Cyber Quotient Evaluation, a patented global e-submission platform that streamlines the cyber insurance intake process and empowers organizations with actionable insights into their cyber exposures and insurability — helping to strengthen both underwriting outcomes and cyber risk management strategies.
|
