Aon’s 2025 Cyber Risk Report reveals cyberattacks tied to reputational damage can reduce shareholder value by 27%, underscoring the board-level threat of cyber risk.
 |
| Aon finds cyber events that escalate into reputational crises cost firms 27% in shareholder value on average, with ransomware topping the list of damaging threats. Image: CH |
DUBLIN, Ireland — June 18, 2025:
Cyberattacks that escalate into public reputation crises can wipe out over a quarter of a company’s market value, according to Aon plc’s 2025 Cyber Risk Report released this week. The global professional services firm found that such events result in an average 27 percent drop in shareholder value, signaling a dramatic rise in the cost and consequence of unmanaged cyber risk.
Building on Aon’s 2023 research, which showed an average 9 percent value decline from major cyber incidents, this year’s report analyzes over 1,400 global cyber events to identify those that triggered significant reputational fallout. The study found that 56 of those incidents gained widespread media attention and caused a measurable decline in stock prices—events Aon categorizes as “reputation risk events.”
Among these, ransomware and malware attacks proved especially damaging. Though comprising just 45 percent of total cyber events analyzed, they accounted for 60 percent of the cases linked to serious reputational harm. The report notes that these attacks often involve stolen data, public extortion threats, and operational paralysis—elements that rapidly erode customer and investor trust.
“Cyber risk is no longer just a technology issue — it’s a boardroom issue,” said Brent Rieth, global cyber leader at Aon. “Our latest research underscores the importance of proactive preparedness. Companies that plan ahead are far better equipped to avoid the reputational and financial aftershocks of a cyber event.”
The report identifies five key levers that help organizations recover from reputation-damaging attacks: preparedness, decisive leadership, immediate action, clear communication, and a demonstrated commitment to change. Aon stresses that while cyber insurance can help mitigate direct financial losses, the reputational impact of a breach remains largely uninsurable—making resilience a strategic priority.
“As cyber threats become more complex, companies need a clear view of their vulnerabilities, tighter integration between cybersecurity and insurance, and the tools to make informed, data-driven decisions,” Rieth added.
The 2025 Cyber Risk Report draws on proprietary data from Aon’s Cyber Quotient Evaluation, a patented submission platform that enables organizations to assess and improve their cyber insurability while enhancing risk management practices. The tool streamlines the underwriting process and delivers actionable insights into exposure and resilience.
Operating in over 120 countries, Aon advises global clients on risk, insurance, and workforce strategies. The firm’s latest findings add urgency to the growing call for board-level engagement in cybersecurity planning, emphasizing that the reputational stakes of a breach can be as damaging as the attack itself.