A cyber attack can cause significant financial loss and long-lasting disruption. But, as the attacks get more sophisticated, Andrew Millard, public sector practice leader – North at Aon, and Benji Avro, cyber broker at Aon, say there’s never been a better time to take out cyber insurance.
Cyber attacks are rarely out of the headlines, with retail giants stealing the limelight this year. But, with every organisation a potential target, ensuring a robust approach to cyber security has never been more important.
Public sector targets
Targeting a high-street giant may seem an easy win for the hackers but public sector organisations are not immune to cyber attacks. Many hold large amounts of sensitive personal data, making them attractive targets for cyber criminals.
Recent public sector examples in the news include: a ransomware attack on a pathology supplier, forcing London Hospitals to cancel operations and divert emergency patients; a City Council shutting down its IT systems and phone lines following a ransomware attack; and a School being forced to close for a day after it was targeted in a cyber attack.
Costs and disruption
As well as the immediate chaos as an organisation attempts to get back on its feet, disruption can last for many months. A Council was crippled by a ransomware attack a few years ago and it took 10 months for its IT system to be fully restored. During this time, services from bin collections to housing and social care were disrupted.
The council also faced significant costs as a result of the attack, reporting that the response cost £11.3m, of which just £3.68m was covered by compensation from the government. With public sectors budgets already under extreme pressure, this is an additional cost that no one needs.
Wake-up call
Having a robust approach to cyber security is essential. In May, Richard Horne, CEO of the National Cyber Security Centre, told delegates at the CyberUK conference that his organisation had dealt with twice as many nationally significant incidents since September 2024, compared with the same period the previous year.
He added: “All organisations need to see this as a wake-up call – to understand what their exposure is to cyber attacks, to ensure they’ve got the right defences in place, and to make sure they’ve got a plan to be able to continue operations and recover should they be hit by a cyber attack.”
Cyber solution
Cyber insurance can be a valuable part of this plan. While cover can pick up the losses experienced following a cyber attack, policies are about much more than the financial impact of an attack.
As well as giving an organisation access to risk management advice to help reduce the risk of an attack, a cyber insurance policy provides access to a range of expert services if an incident does occur. Being able to call on this expertise, which includes legal, PR and IT specialists, can minimise disruption and help an organisation avoid large fines and penalties.
Competitive market
It’s getting easier to secure cover too. The cyber market is incredibly competitive and while underwriting is still rigorous, investment in IT infrastructure means more public sector organisations are able to access cover.
The arrival of new entrants to the cyber insurance market has brought more maturity to the market and more options for anyone seeking cover. Carriers are increasing limits. Subsequently, it’s now typically possible to obtain higher limits for less than it would have cost a year ago.
There’s also a range of excess’ on offer. Taking a large excess can be an attractive option for public sector organisations; a high level of risk retention is common and, with cyber, it still may give access to the risk management advice and breach response support.
Securing stakeholder support
It may be the perfect time to take out cyber insurance but it’s still a purchase that can be met with resistance internally. It can be difficult to get the go ahead for a new line of insurance, especially when new lines are unusual and there’s pressure on budgets.
Our Cyber Impact Analysis (CIA) and CyQu platforms can help you secure stakeholder support by demonstrating what the financial impact of an incident would be therefore your organisation’s need for cyber insurance. The assessment models a cyber incident, such as a ransomware attack or denial of service attack, to understand the organisation’s financial exposure from cyber risk. This not only helps demonstrates insurability but can also help determine the most appropriate cover limits and structure and support risk management investment.
With cyber criminals who may be intent on causing as much financial loss and disruption as possible, it’s never been more important to protect your organisation and the public it serves. Taking advantage of the competition in the cyber insurance market could prove a valuable investment in your organisation’s cyber defences.
More information
To find out more about cyber threats, the state of the insurance market or Aon’s Cyber Impact Analysis platform, speak to your Aon account manager or contact Andrew Millard (
[email protected]) or Benji Avro (
[email protected]).
About Aon
Aon plc (NYSE: AON) exists to shape decisions for the better — to protect and enrich the lives of people around the world. Through actionable analytic insight, globally integrated Risk Capital and Human Capital expertise, and locally relevant solutions, our colleagues in over 120 countries provide our clients with the clarity and confidence to make better risk and people decisions that protect and grow their businesses.
©2025 Aon plc. All rights reserved.
Aon is not a law firm or accounting firm and does not provide legal, financial or tax advice. Any commentary provided is based solely on Aon’s experience as insurance practitioners. We recommend that you consult with your own legal, financial and/or insurance advisors on any commentary provided herein. All descriptions, summaries or highlights of coverage described herein are for general informational purposes only and do not amend, alter or modify the actual terms and conditions of any relevant policy. Coverage is governed only by the terms and conditions of such policy. Insurance coverage in any particular case will depend upon the type of policy in effect, the terms, conditions and exclusions in any such policy, and the facts of each unique situation. No representation is made that any specific insurance coverage would apply in the circumstances outlined herein. Please refer to the individual policy forms for specific coverage details. The information contained in this document and the statements expressed are of a general nature and are not intended to address the circumstances of any particular individual or entity. Aon does not warrant, represent or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the article or any part of it and can accept no liability for any loss incurred in any way whatsoever by any person who may rely on it.
Follow Aon on LinkedIn, X, Facebook and Instagram. Stay up-to-date by visiting the Aon's newsroom and sign up for News alerts here. ©2025 plc. All rights reserved.
This article has been compiled using information available to us up to 12/06/2025
Aon UK Limited is authorised and regulated by the Financial Conduct Authority. Aon UK Limited is registered in England and Wales. Registered number: 00210725. Registered Office: The Aon Centre, The Leadenhall Building, 122 Leadenhall Street, London EC3V 4AN. Tel: 020 7623 5500. FP.PS.2025.440.SD