A cyberattack could leave your organisation with a multimillion-pound hole in its balance sheet. But, as Nathan Hankin, head of UK retail cyber and tech E&O at Aon and Alison Goodwin, public sector practice leader at Aon, explain, the time is right to strengthen cyber defences.
Cyber attack or data breach remains the number one risk facing UK organisations in Aon's Global Risk Management Survey with the potential to cause significant disruption to services, reputational damage and financial losses. But, while the threat has never been greater, it is getting easier to protect an organisation.
The Cyber Security Breaches Survey 2025/26(1) shows just how common an issue it is. It found that 43% of businesses had experienced a cyber security breach or attack in the previous 12 months, with high profile examples including M&S, Jaguar Land Rover and Heathrow Airport.
Cyberattacks are common in the public sector too. Recent examples include: a cyberattack on pathology supplier Synnovis in June 2024, which affected two NHS foundation trusts and delayed more than 11,000 outpatient and elective procedure appointments(2); the London Councils Attack in November 2025, which caused disruption to public services(3); and the Canvas hack in April 2026, which affected more than 8,800 educational institutions, and approximately 275m students and staff around the world(4).
Balance sheet issue
The threat is rising but so too is the potential cost of a cyberattack. The global average cost of a data breach hit $4.88m in 2024 according to IBM(5), a 10% increase on the previous year.
The public sector isn't exempt from these costs, as the 2020 ransomware attack on Redcar and Cleveland Council demonstrates. The attack, which affected many of the council's services and functions and took 10 months to recover from, left a hole in its balance sheet.
Giving evidence to parliament in 2023, the then leader of the council, Mary Lanigan, said the response cost £11.3m and the council received £3.68m compensation from the government. As it wasn't insured, the £7.62m difference had to come from its limited reserves.
The possibility of such a large - and potentially even larger - hit to the balance sheet transforms cyber risk from a headache for the IT department, into a strategic, board-level issue that warrants very close attention.
Active cyber market
There's plenty of support for organisations looking to manage this risk. While many public sector organisations struggled to meet insurers' cybersecurity requirements in the past, this has changed over the last couple of years.
As the market has softened - and organisations' approaches to cybersecurity improved - we've seen an uptick in activity, both in terms of enquiries and policies bound. With the market competitive and plenty of capacity, cover is available, even for organisations who may have been declined in the past.
Quantifying financially the risk to the organisation is a great starting point, especially where the executive team is questioning the need for a new line of cover. A tool such as Aon's Cyber Risk Analyzer has features such as loss forecasting, security-controls exposure and total cost of risk analysis to highlight an organisation's balance sheet exposure to cyber risk.
Aon can also help organisations build cyber resilience. New threats are constantly emerging as cybercriminals shift their operations to exploit any vulnerabilities. The Cyber Loop enables an organisation to constantly evaluate its exposure, look to build greater resilience and protect its balance sheet.
Cyber risk is rising but, with a competitive insurance market and innovative tools and risk management strategies, so too are the opportunities for organisations to build resilience and control this threat.
More information
To find out more about the cyber insurance market and how Aon can help your organisation build its cyber resilience, speak to your account manager or contact Nathan Hankin or Alison Goodwin.
Nathan is also running a cyber webinar in June, exploring the new threats, exposures and opportunities organisations face. Click here to register for this free event on Thursday 25 June at 11am.
- Cyber security breaches survey 2025/2026 - GOV.UK
- NHS England - Synnovis cyber incident
- A Wake Up Call for UK Councils: Inside the Cyber Attack That Shut Down London Services | SysGroup Insights
- Canvas hack: Company pays criminals to delete students' stolen data - BBC News
- IBM Report: Escalating Data Breach Disruption Pushes Costs to New Highs
About Aon
Aon plc (NYSE: AON) exists to shape decisions for the better — to protect and enrich the lives of people around the world. Through actionable analytic insight, globally integrated Risk Capital and Human Capital expertise, and locally relevant solutions, our colleagues in over 120 countries provide our clients with the clarity and confidence to make better risk and people decisions that protect and grow their businesses.
The information contained herein and the statements expressed are of a general nature and are not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information and use sources that we consider to be reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.
Follow Aon on LinkedIn, X, Facebook and Instagram. Stay up-to-date by visiting the Aon's newsroom and sign up for News alerts here. ©2026 plc. All rights reserved.
This article has been compiled using information available to us up to 04/06/2026.
Aon UK Limited is authorised and regulated by the Financial Conduct Authority. Aon UK Limited is registered in England and Wales. Registered number: 00210725. Registered Office: The Aon Centre, The Leadenhall Building, 122 Leadenhall Street, London EC3V 4AN. Tel: 020 7623 5500.
FP.PS.2026.917.GG