Authors: Sam Cheshire, Shaw Woodley-Mitchell
"It's time for organisations to transition from a reactive defence strategy to one focused on proactive resilience. This means ensuring that your systems, personnel, and processes are all aligned to withstand and recover from the inevitable threats," says Sam Cheshire, head of Cyber, UK Retail, Gallagher.
Let's understand the current threats organisations could face and how forward-thinking solutions are essential to help safeguard operations, protect sensitive data and maintain stakeholder trust.
Evolving threat landscape: Most vulnerable areas
Ransomware incidents increased from 48% of total cybersecurity cases in 2024 to 52% in 2025¹. Attackers are increasingly moving away from traditional encryption-based attacks towards standalone data exfiltration. The aim is primarily to hold sensitive corporate data for payment rather than to disrupt systems. Supply chain incidents also became more prominent, rising from 6% of total cybersecurity cases in 2024 to 19% in 2025¹.
"Looking back at the data from last year, it's clear that the downtime caused by ransomware attacks can paralyse an organisation for several days. Recovery efforts, which include forensic investigations, system rebuilds and legal costs, can be significant, even before any ransom negotiations begin," adds Shaw Woodley-Mitchell, account executive and Cyber lead at Gallagher.
Human error remains a significant factor in cyber incidents, serving as a primary entry point for many attacks due to gaps in awareness and poor security practices. Mailbox compromises and invoice fraud are becoming increasingly common, showing how cybercriminals are adapting their tactics. These attacks result in significant financial losses and damage to a company's reputation, underscoring the need for stronger security measures and better employee training.
What can organisations learn from recent incidents?
In addition to maintaining a strong foundation of security and acting quickly when a breach occurs, businesses can strengthen their cyber resilience in the following ways:
- Patch management: Timely updates, especially for third-party software, remain critical
- Credential governance: Implement automated credential lifecycle management, enforce MFA and conduct regular access reviews
- Network segmentation: Separating IT and operational systems to control the spread of attacks
- Resilience planning: Regular testing and refinement of business continuity and incident response plans
The role of cyber insurance
Cyber insurance plays a broad role, supporting both response and recovery. The core components include:
Incident response services
This provides organisations with 24/7 access to specialist teams, including forensic investigators, legal advisors and ransomware negotiators. The primary focus is containment, eradication and recovery, alongside regulatory and customer notification support. Crisis communication guidance can also be provided to help manage reputational impact.
Business interruption cover
Many cyberattacks could render businesses unable to fully recover for extended periods. This cover supports operational recovery by protecting against loss of income and increased cost of working during disruption. The cover may also extend to losses from voluntary system shutdowns.
Proactive services
This feature is increasingly being offered to help organisations reduce risk exposure. It often includes vulnerability scanning, phishing simulations, employee training and access to threat intelligence. This aims to help businesses stay ahead of cyberattacks and maintain year-round preparedness.
Claims support
Access to established panels of specialist advisors supports an efficient and coordinated response, enabling informed decision-making and helping to limit the operational and financial impact of a cyber incident.
What organisations can do to build cyber resilience: Practical steps
- Regulatory compliance and insurance policy: Maintain clear documentation, meet all requirements, and review policy wording to understand inclusions and exclusions
- Third-party risk management: Continuously assess suppliers and partners using automated tools and regular reviews
- Backup readiness: Test backup systems regularly to ensure functionality during recovery
- Future-proof security: Adopt zero-trust frameworks, implement advanced email filtering and conduct annual penetration testing using various providers
- Crisis preparedness: Involve communication experts and ensure response plans are well rehearsed
Building a stronger cybersecurity framework
Cyber resilience is strengthened when people and technology operate in alignment. From a people perspective, it's important for organisations to conduct regular training on phishing, data handling and online behaviour. Phishing simulations should include follow-up training, and records of training attendance and performance should be maintained. This will help track improvement and expose gaps.
As for technology, cyber teams can enforce multifactor authentication (MFA) for remote access, email systems and all privileged accounts to reduce the risk of unauthorised entry. Moreover, continuous vulnerability scanning can help identify and address potential weaknesses.
It is also important to deploy advanced endpoint protection tools, as these help monitor, detect and respond to suspicious activity in real time. Adopting zero-trust principles strengthens security by verifying every access request.
Incident response planning should also be prioritised. Testing response plans through realistic scenarios can help prepare for any future cyber incident. Understanding key responsibilities and coordinating across functions are essential to an effective response.
Moving towards a stronger tomorrow
As 2025 has shown us, cybersecurity requires organisation-wide engagement and synchronisation between people and technology. Resilience has to be built in advance by strengthening internal controls and effectively using cyber insurance.
If you would like to discuss cyber insurance support for your organisation, reach out to a specialist at Gallagher here. Want to know more about this topic? Click here to watch the webinar on demand.
Disclaimer
The sole purpose of this article is to provide guidance on the issues covered. This article is not intended to give legal advice, and, accordingly, it should not be relied upon. It should not be regarded as a comprehensive statement of the law and/or market practice in this area. We make no claims as to the completeness or accuracy of the information contained herein or in the links which were live at the date of publication. You should not act upon (or should refrain from acting upon) information in this publication without first seeking specific legal and/or specialist advice. Arthur J. Gallagher Insurance Brokers Limited accepts no liability for any inaccuracy, omission or mistake in this publication, nor will we be responsible for any loss which may be suffered as a result of any person relying on the information contained herein.