Risk landscape and claims
Across all sectors, cyber risks, including data breaches, social engineering, and sophisticated fraud, remained crucial components of claims and operational losses in 2025.
Awareness among banks of their accountability for authorised push payment (APP) fraud — where individuals are deceived into voluntarily transferring money from their own accounts to fraudsters — has increased thanks to enhanced regulation by the Payment Service Regulator (PSR). The increase in APP was exacerbated by economic pressures and social factors, including employee dishonesty. For the first time since 2020, crime-related claims have surpassed directors and officers (D&O) claims in volume, accounting for 23% compared to 20% for D&O claims, while PI claims remain the largest category at 56%.
Asset managers grappled with breach-of-mandate claims, regulatory investigations, and frequent trade errors, alongside a growing incidence of employment practices liability (EPL) claims driven by allegations of poor management and discrimination. While crime-related losses remained rare — primarily because client funds are generally held and transacted through intermediaries, which reduces the risk of direct misappropriation — social engineering fraud emerged as a significant concern.
The digital assets sector recorded total losses exceeding US$3 billion in 2025, up from just under US$2 billion in 2024. These losses were driven by employee infidelity and computer fraud, including high-profile exploits of decentralised finance (DeFi) protocols, driven by vulnerabilities in the smart contracts that implement them. These events have heightened client concerns about coverage scope and exclusions and led insurers to tighten underwriting and emphasise concrete security controls, governance, and compliance.
Fintech firms, despite relatively low claim volumes, faced increasing fraud from account takeover and chargebacks. This raises questions about the adequacy of internal policies amid rapid digital account access and insufficient fraud controls.
In 2025, insurance companies faced a sharp increase in bad-faith claims. These more than doubled in frequency and severity across multiple lines. Bad faith allegations remained diverse and highly case-specific, ranging from coverage disputes and delays in investigation to misdirection in claims handling, all of which contributed to greater unpredictability.
Overall, 2025 underscored the growing intricacy of risk across financial institutions, where operational, cyber, regulatory, and technological threats intersect, demanding adaptive risk management and insurance strategies.
