Although the report identifies several positive trends benefiting all industry segments, it also highlights the necessity of constant vigilance and continuous investment in cyber risk controls based on the ongoing evolution of the threat landscape.
Professional service firms continue to lead all industry segments in improving cyber security controls and minimizing the number of “Red Flags” reported by Aon’s CyQu risk maturity evaluation platform.
This enables them to benefit from the competitive cyber insurance market and reap the rewards of investments in security improvements with lower insurance rates and stable or, in some cases, lower self-insured retentions.
Ransomware continues to be the leading cause of loss. Although average ransom payments have declined substantially, this decrease is to some extent offset by increased frequency. Professional Services & Consulting was the second most targeted sector for ransomware in 2024 at 15.82%, just behind Consumer & Industrial at 16.57%. This is in line with reports from many other ransomware service providers, which show that threat actors continue to see the sector as one of their highest value targets.
Other less favorable trends include the rise of data breach litigation and of systemic / vendor-based breaches. The report highlights multiple instances of failures to properly protect customer data resulting in U.S. settlements greater than $30 million. Increasing dependency on vendors to aggregate, store, process and transmit data has the potential to exacerbate this issue.
This article is adapted from Aon Global 2025 Cyber Risk Report: Insights for Professional Service Firms (July 2025) from the Professional Services Practice at Aon.