Aon study: The frequency of reported cyber incidents increased by 22% compared to the previous year.

Aon Romania announces the launch of the “2025 Global Cyber ​​​​Risk Report”, conducted by the Aon group internationally, which highlights the severe impact of cyber risks on the value of companies and the growing reputational exposure.

According to the data, the frequency of reported cyber incidents increased by 22% compared to the previous year. In parallel, the company reaffirms its commitment to supporting the Romanian business environment with specialized insurance and consulting solutions in the Cyber ​​​​field, in a context where demand is growing, but the local market is still in an early stage of development. Ransomware remains one of the most frequent and costly forms of cyber attack, despite a slight decrease in the average value of payments.

According to Aon data, the number of compensation claims following ransomware attacks is constantly increasing, reflecting increasing pressure on companies across all industries. The number of such incidents increased significantly between 2020 and 2023, and the increasingly sophisticated nature of the attacks implies major indirect costs, such as business interruption and reputational damage.

The most targeted sectors were the consumer and industrial products industry, the professional services and consulting sector, manufacturing and real estate. According to the global report released by Aon, of the 1,414 cyber incidents analyzed, 56 evolved into reputational events, defined as situations with intense media exposure and significant drops in share value. Companies affected by such incidents recorded an average decrease in shareholder value of 27%. Malware and ransomware attacks are the most likely to trigger reputational damage, representing 60% of the total of these events, even though they only represent 45% of all cyber incidents.

The report also highlights five key factors for limiting reputational impact: preparation, leadership, rapid response, communication and change. At the same time, a major challenge is signaled: managing risks that cannot be transferred through insurance, such as reputational ones, which makes prevention and rapid response to the crisis essential. “In Romania, interest in Cyber ​​​​insurance is growing, especially among large companies that analyze offers from international players. However, the SME segment remains poorly covered, mainly due to lack of information and budgetary constraints. With our local expertise and access to Aon group resources across the EMEA region, we can support companies in Romania to correctly assess their risks and identify suitable coverage solutions,” said Eugen Anicescu, CEO of Aon Romania.

Currently, the local Cyber ​​​​insurance market is supported by a small number of insurers with an appetite for such risks, and the underwriting capacity for high coverage limits remains limited. Aon Romania supports clients with personalized risk assessments, through the Cyber ​​​​Quotient Evaluation (CyQu) tool, and by comparing existing offers, thus facilitating informed decisions and effective partnerships with insurers.

“It is essential that organizations do not perceive cyber insurance as just a policy taken out post-incident, but as an integral part of their risk management strategy. That is why we focus not only on risk placement, but also on education, prevention and a detailed understanding of contractual exclusions and responsibilities,” added Leonard Oprea, Account Management Commercial Risk Solutions Aon Romania.

A Cyber ​​​​insurance can cover a wide range of risks, including incident remediation costs, data recovery, legal advice, third-party liability, reputational crisis management and business interruption losses. These components are becoming essential for any company operating in a complex digital environment and subject to constant attacks. Through regional initiatives and strategic collaborations, such as organizing webinars in partnership with KPMG or developing customized solutions, Aon actively contributes to the development of the profile market and reducing the information gap. In 2025, the company aims to accelerate the adoption of digital protection solutions through a consultative approach, adapted to the local specifics and supported by the group’s global infrastructure.