Cyberattacks and data loss top concerns for directors and officers

Cyberattacks and data loss continue to rank among the most pressing risks for company directors and officers, according to the latest Cyber Directors’ and Officers’ Survey Report from Willis, a WTW business, and a significant percentage are ready to pick up insurance to help. 

The report, based on responses from companies across sectors, including services and financial services, revealed that 53% already have cyber cover, while a further 18% plan to purchase a policy within two years. Cyber coverage also remains a key part of directors’ and officers’ liability insurance. 

While cyber premiums had been softening earlier this year, insurers are now applying upward pressure, with some retail clients facing premium hikes of around 10%. Although cyber claims volumes have declined by 20% compared to 2023, they remain well above pre-pandemic levels. This has led to tighter underwriting controls and a reassessment of coverage limits. 

While cyberattacks were identified as the top concern for respondents in Great Britain, data loss was cited as the leading threat in North America and the Middle East. Despite a rise in cyber incidents globally, the report recorded a two-percentage-point drop in the risk ranking of cyberattacks between 2024 and 2025. 

The report also noted changes in how organizations are managing cyber risk at board level. A growing number of boards are receiving regular updates on cybersecurity. In 2025, 28% of respondents said their boards receive monthly cyber updates, up from 18% the year before. Meanwhile, the share of boards that only receive updates after an incident dropped from 20% to 12%. 

Cyber oversight is also broadening beyond the senior leadership team, with respondents reporting greater involvement from individuals in technical or operational roles. The shift reflects efforts to integrate strategic and technical perspectives in managing cyber threats. 

Incident preparedness is also improving. Eighty per cent (80%) of respondents said they have a cyber incident response plan in place, and more than two-thirds had conducted a response exercise in the past 12 months. The number of respondents who said they felt well prepared to manage a cyber incident rose from 56% to 65% year-on-year. 

Spending on cyber security is expected to increase, although at a slower rate. Fifty-six per cent (56%) of organizations anticipate raising their cyber security budgets in 2025, down from 63% in 2024.