What your board doesn't know about cyber insurance could hurt

Cyber insurance has a hugely important part to play in cyber risk management, and it's also a fast-growing market in the UK. Insurance providers report that an increasing number of smaller organisations are starting to adopt cover in the wake of the high-profile attack on JLR, having seen the impact on its supply chain. According to the UK government's Cyber Breaches Survey, almost half of businesses and a third of charities now report being insured against cyber security risks in some way.


But cyber insurance is by no means a panacea, and new research by insurance broker Gallagher and the Centre for Economics and Business Research (CEBR) points to a fast-growing risk that boards need to be aware of: shareholder litigation.


"Shareholder litigation accounted for £3.7 billion of the £11.7 billion total cost of cyber-attacks to large UK businesses in 2025 ... the second largest cost after £5.4 billion in direct losses from disrupted trading. ... By contrast, the immediate cost of responding to an attack was much lower. Together, these response costs are only a small share of the total financial impact. The far larger exposure now lies in the legal and reputational consequences that follow, with shareholder action and class actions emerging as significant financial risks for directors."


Of course, shareholders are not the only group that may litigate following a cyber breach. If personal data is lost, subjects who suffered harm as a result may have a claim.


The Gallagher research found that only 59% of large UK businesses purchasing cyber insurance have cover for third-party legal claims, and 49% for regulatory fines and penalties. And while 86% of firms carry directors' and officers' insurance, "many policies restrict cover where incidents are linked to governance failings, meaning firms should check with their broker which insurance policy will cover them for these costs. ... In the US, breaches have gone even further, triggering costly shareholder lawsuits focused entirely on board oversight and disclosure."


Our next CxB webinar for board directors will be addressing this topic; we hope you'll join us to learn more.


Cyber insurance: What boards need to know
Webinar, June 1, 2026, 12:30 – 1:30 PM GMT+1