Cyber events that cause reputation risks can result in a 27% drop in shareholder value, according to analysis from Aon.

The findings build on 2023 research that found major cyber incidents led to an average 9% decline in shareholder value over the following year. This year, Aon analysed more than 1,400 global cyber events to identify which types of attacks are most likely to evolve into reputation risk events, and which can be the most damaging when they do.

Brent Rieth, global cyber leader at Aon said preparation is key when seeking to avoid the reputational and financial fallout that can follow a cyber event.

“As cyber threats grow more complex and interconnected, companies need a clearer view of their exposure, stronger alignment between cyber security and insurance strategies and the tools to make better, data-driven decisions,” he added.

The report also highlights the growing challenge of managing uninsurable risks. While cyber insurance can help transfer some financial exposure, reputation risk remains largely non-transferable, making proactive risk management and crisis response essential.


Key findings: Reputation and cyber risk (Source: 2025 Cyber Risk Report, Aon)

• Of the 1,414 cyber events analysed, 56 developed into reputation risk events, which are defined as cyber incidents that attract significant media attention and lead to a measurable decline in share price.

• Companies affected by these reputation risk events experienced an average shareholder value decline of 27%.

• Malware and ransomware attacks were the most likely to trigger reputational damage, accounting for 60% of all reputation risk events, despite making up only 45% of total cyber incidents.

• Five drivers of value recovery – preparedness, leadership, swift action, communication and change – were identified as critical levers for mitigating reputational fallout.



Pictured: British firm Marks & Spencer was one of several retailers to be hit by a cyber attack in recent weeks.


SUGGESTED READING

In plain sight, by Martin Allen-Smith
Ransomware incidents continue to rise, driven by compromised perimeter security and remote desktop products and, as a string of retailers will attest, no company is immune.

---