Cyber events that cause reputation risks can result in an average of 27% drop in shareholder value, highlighting the growing financial and reputational stakes of cyber risk.
This is among the findings from Aon’s 2025 Cyber Risk Report, which builds on its 2023 finding that major cyber incidents led to an average 9% decline in shareholder value over the following year.
This year’s report goes further, analysing more than 1 400 global cyber events and identifying which types of attacks are most likely to evolve into reputation risk events and which can be the most damaging when they do.
“Cyber risk is no longer just a technology issue – it’s a boardroom issue,” says Brent Rieth, global cyber leader at Aon. “Our latest research underscores the importance of proactive risk mitigation. Organisations that invest in preparedness and resilience are far better positioned to avoid the reputational and financial fallout that can follow a cyber event.”
Zamani Ngidi, business unit manager of M&A and cyber solutions at Aon South Africa, comments: “Organisations are grappling to understand the level of cyber risk their business is faced with at executive committee and board level.
“As the threat landscape diversifies with new and developing technology, clients need to continuously invest in information security to counter these efforts but often do so without fully understanding the return on security investment (ROSI).
“Resiliency is tantamount to an organisation’s ability to recover from a cyber incident and it is essential to have a risk management and insurance solution in place that is built for purpose.”
Some of the report’s key findings are:
- Of the 1 414 cyber events analysed, 56 developed into reputation risk events, which are defined as cyber incidents that attract significant media attention and lead to a measurable decline in share price.
- Companies affected by these reputation risk events experienced an average shareholder value decline of 27%.
- Malware and Ransomware attacks were the most likely to trigger reputational damage, accounting for 60% of all reputation risk events, despite making up only 45% of total cyber incidents.
- Five drivers of value recovery – preparedness, leadership, swift action, communication and change – were identified as critical levers for mitigating reputational fallout.
The report also highlights the growing challenge of managing uninsurable risks. While cyber insurance can help transfer some financial exposure, reputation risk remains largely nontransferable, making proactive risk management and crisis response essential.
“As cyber threats grow more complex and interconnected, companies need a clearer view of their exposure, stronger alignment between cybersecurity and insurance strategies, and the tools to make better, data-driven decisions. Aon is uniquely positioned to support clients through these challenges,” says Rieth.