Malware and ransomware attacks emerged as the most reputationally damaging, accounting for 60% of reputation risk events while making up only 45% of total cyber incidents analysed.
Companies hit by cyber incidents that trigger reputation risk can see their shareholder value plunge by an average of 27%, according to Aon’s 2025 Global Cyber Risk Report, which highlights the growing financial impact of cyber threats on businesses worldwide.
The report analyses more than 1,400 global cyber events and identifies the types of attacks most likely to damage a company’s reputation and its market value. It builds on Aon’s 2023 findings, which linked major cyber incidents to an average 9% fall in shareholder value over the subsequent year.
“Cyber risk is no longer just a technology issue — it’s a boardroom issue,” said Brent Rieth, global cyber leader at Aon. “Our latest research underscores the importance of proactive risk mitigation. Organisations that invest in preparedness and resilience are far better positioned to avoid the reputational and financial fallout that can follow a cyber event.”
Among the cyber events studied, 56 were found to have developed into reputation risk events, defined as incidents attracting significant media scrutiny that lead to a measurable drop in share price.
These incidents resulted in an average 27% decline in shareholder value, according to the report.
Malware and ransomware attacks emerged as the most reputationally damaging, accounting for 60% of reputation risk events while making up only 45% of total cyber incidents analysed.
The study warns that such attacks are more likely to generate widespread public and investor concern, particularly when they disrupt business operations or expose sensitive data.
Aon’s research highlights five key drivers that help companies recover value following a reputational cyber event: preparedness, leadership, swift action, communication and change. These levers, the report notes, “separate organisations that recover quickly from those that continue to struggle long after the headlines fade”.
The report also points to the limits of risk transfer through insurance. While cyber insurance can offset some of the direct financial costs of an incident, reputation risk remains largely uninsurable.
This means firms must focus on strengthening governance, crisis management and stakeholder engagement strategies to mitigate long-term harm, the broker advised.
“As cyber threats grow more complex and interconnected, companies need a clearer view of their exposure, stronger alignment between cybersecurity and insurance strategies, and the tools to make better, data-driven decisions,” said Rieth. “Aon is uniquely positioned to support clients through these challenges.”
The 2025 report draws on data from Aon’s proprietary Cyber Quotient Evaluation platform, which provides firms with insights into their cyber exposures and insurability to help improve both underwriting outcomes and risk management practices.
The report added: “Cyber events that evolve into reputation risk events are rare but severe, with the power to erode years of shareholder value in a matter of days. The companies that succeed in today’s environment will be those that plan for the worst and build resilience for the future.”
No comments yet