UK M&A ACTIVITY “HITS THE BRAKES”
MarshBerry data show only seven UK distribution deals in May, leaving 2025 volumes 30% below 2024’s pace with just 42 transactions year-to-date. Smaller targets dominate (69% under £5 million), and privately owned brokers for sale are dwindling.
While private equity still backs the largest deals, supply constraints (rather than waning buyer demand) are slowing consolidation, even as MGAs continue to attract investment.
Source: Insurance Business Magazine. (2025). UK insurance M&A hits the brakes. Insurance Business UK.
What this means for brokers and clients:
- Valuation dynamics: Brokers may wish to re-examine valuation assumptions given reduced deal flow and rising multiples.
- Alternative structures: Consider presenting joint-venture or MGA partnership options alongside traditional M&A solutions.
- Capital allocation guidance: Advisory conversations might include the relative merits of technology or organic-growth investments in lieu of acquisition.
5,414 PUBLISHED RANSOMWARE ATTACKS WORLDWIDE
Cyberint’s 2024 report records 5,414 attacks, an 11% rise year-over-year, with Q4 alone accounting for 33 % of incidents. The number of active groups jumped 40% (from 68 to 95), fueled by fragmented “’Ransomware-as-a-Service’ models that onboard new affiliates.
The US bore 80% of attacks, while law-enforcement pressure on major gangs only spurred competition among smaller, more agile actors.
Source: Cyberint. (2025). Ransomware annual report 2024.
What this means for brokers and clients:
- Coverage adequacy reviews: Brokers could assess whether existing cyber programs address multi-vector extortion and BI losses under RaaS models.
- Incident preparedness: Recommend clients evaluate the value of pre-negotiated response services and regular tabletop exercises.
- Underwriting depth discussions: Engage carriers on the granularity of threat-actor analysis available in policy underwriting.
M&S UPDATE: HACKERS “APPEAR TO HAVE DETAILS” ABOUT INSURANCE POLICY
Following the £300 million intrusion, the ‘DragonForce’ hacker group notified Marks & Spencer’s CEO that they “know we can both help each other handsomely,” implying inside knowledge of the retailer’s cyber coverage (Hooker, 2025).
This brazen tactic combines data theft with policy-specific extortion and raises the specter of further targeted demands and reputational fallout, especially as the hackers also told the BBC: “We’re putting UK retailers on the Blacklist.”
Source: Cyberint. (2025). Ransomware annual report 2024.
What this means for brokers and clients:
- Document handling protocols: Suggest clients strengthen controls around policy document distribution and access.
- Crisis-management frameworks: Encourage establishment of incident workflows that limit exposure of sensitive coverage details.
- Policy enhancement reviews: Explore add-on modules for pre-breach assessments and post-incident legal or PR support
CAT BOND MARKET SURGES: TRACKING TOWARDS SECOND-BIGGEST YEAR EVER
Q1 2025 issuance hit a quarterly record of $4.25 billion — on track for over $6 billion this quarter — a 50% uptick versus 2024.
The inflow of insurance-linked securities (ILS) capital underscores investor faith in catastrophe modeling and boosts overall market capacity, especially for high-limit, climate-driven layers.
Source: Artemis. (2025, May 21). Catastrophe bond issuance already tracking to second-biggest year on record in 2025.
What this means for brokers and clients:
- ILS integration: Brokers may position ILS-backed reinsurance options as part of large-limit or layered programmes.
- Parametric/tranche structures: Consider introducing parametric triggers or tranche designs benchmarked to CAT-bond metrics.
- Model validation support: Facilitate independent catastrophe model reviews to align with investor and reinsurer expectations.
MAY 2025 WEB3 LOSSES TOTAL $266 MILLION
SlowMist’s forensics place May’s Web3 losses at $266 million, led by the Cetus Protocol exploit on May 22 that drained Sui-ecosystem liquidity pools. Smart-contract flaws and insufficient audits remain core vulnerabilities.
Post-breach, protocols saw sharp liquidity drops, trading slowdowns, and widened slippage, prompting rapid patching and calls for stronger real-time threat detection.
Source: AInvest. (2025, June 3). Web3 security breaches cost $266 million in May 2025.
What this means for brokers and clients:
- Digital-asset coverage scope: Brokers could verify that policies explicitly cover smart-contract failures, key-management events, and liquidity drains.
- Security-governance prerequisites: Recommend inclusion of periodic third-party code audits and on-chain monitoring in coverage conditions.
- Parametric trigger options: Present parametric solutions tied to liquidity metrics or exploit-detection alerts for expedited claim settlement.
Want more market insights?
Revisit the previous edition — Risk Wrap 003. Each issue unpacks high-impact developments across insurance, risk, and emerging exposures, helping brokers and clients stay a step ahead.
You can also view our LinkedIn snapshot of this edition to see highlights and join the industry conversation.
