Aon’s 2025 Cyber Risk Report Highlights Financial Impact of Cyber Events
Aon has released its 2025 Cyber Risk Report, revealing that companies experiencing cyber events that escalate into reputation-related incidents saw an average 27% drop in shareholder value. This finding builds upon Aon’s 2023 research, which showed an average 9% decline in shareholder value following major cyber incidents. The latest report analyzed over 1,400 global cyber events to identify the types of attacks most likely to generate reputational consequences and their financial impact.
The analysis of 1,414 cyber events revealed that 56 were classified as reputation risk events – defined as incidents attracting substantial media attention and followed by a measurable drop in share price. Companies affected by these events experienced an average decline in shareholder value of 27%. Notably, malware and ransomware attacks were found to be the most likely to result in reputational effects, making up 60% of reputation-related incidents despite representing only 45% of total cyber events analyzed.
The report outlines five critical areas that contribute to value recovery following a cyber event: preparedness, leadership, swift response, communication, and change management. These factors were associated with stronger recovery outcomes and reduced long-term impact. Aon’s analysis also addresses the challenge of insuring reputational risk, noting that while cyber insurance can provide financial protection for certain losses, reputational damage is generally not covered.
Organisations with integrated cyber risk strategies, including crisis management planning, tend to be better positioned to manage both immediate and longer-term effects of cyber events. Brent Rieth, global cyber leader at Aon, emphasized that cyber risk has become a strategic concern requiring proactive preparation to manage both operational and reputational outcomes. The report utilizes proprietary data from Aon’s Cyber Quotient Evaluation platform, which supports cyber insurance submissions and offers insights into organisational exposure and readiness.
