The rising cost of weak risk mitigation controls

Property insurers faced another costly year in 2025. ABI data shows UK insurers paid £6.1bn in property claims, the highest annual total since ABI began collecting this data in 2017. Weather-related property claims reached £1.2bn, 14% higher than in 2024.

Those figures matter because they point to something risk managers have known for a long time. The vast majority of the common loss drivers are not new.

Although every incident has its own causes, public claims and incident data continue to point to familiar themes: adverse weather, water damage, fire and workplace injury risks.

Put simply, the risk list has not changed as much as the consequences have. When everyday risk mitigation controls are not visible, practical and followed through, familiar risks can become expensive ones.

“From a risk engineering perspective, most of the issues that can lead to serious losses are familiar,” says David Reynolds, Head of Risk Engineering and Surveys at RiskSTOP. “Businesses are often managing a lot of competing priorities, so the challenge is keeping everyday controls visible, practical and consistently followed.”

This is where risk management matters. It gives businesses, brokers and insurers a way to look beyond the policy document and ask a more practical question: are the risks fully understood and are the controls genuinely effective in practice?

The same risks, higher consequences

Weather, water and fire remain central property risk themes.

Take weather. A blocked gutter or unresolved roof defect can look insignificant on a normal day. During heavy rainfall, it can quickly become water ingress, creating operational disruption and a business interruption issue.

That is why roof integrity, drainage capacity, flood preparedness and external fabric checks need to be treated as active risk controls, not occasional maintenance tasks.

Water-related losses follow a similar pattern. The issue is rarely the initial leak itself. The greater loss often arises when inspection, maintenance or response arrangements fail to identify the problem early.

Fire risk tells the same story. In England, there were 13,134 “other building” fires in the year ending March 2025. MHCLG (Ministry of Housing, Communities and Local Government) data also shows electrical systems were the largest specified source of ignition for other building fires, at 16%.

That reinforces a wider risk management principle: fire safety cannot be assessed through one issue alone. Electrical systems, housekeeping, compartmentation, fire-stopping, fire doors, detection systems, building alterations and combustible contents all influence how a fire develops and how well a building performs.

Policies do not manage risk by themselves

HSE statistics for 2024/25 show slips, trips or falls on the same level accounted for 30% of RIDDOR-reported employee non-fatal injuries. Handling, lifting or carrying accounted for 17%.

These are not obscure risks. They are common, visible and often linked to housekeeping, supervision, training, task planning and communication.

For public liability, the same principle applies. Safe access routes, contractor controls, tenant responsibilities, visitor management arrangements and inspection records need to be demonstrably effective in practice, not simply documented.

“The paperwork is only part of the picture,” adds David. “When we review a risk, we are looking at whether controls are understood, realistic and workable in day-to-day operations. The more visible those controls are, the easier it is for businesses to keep people safe and show that reasonable steps are being taken.”

The cost of delay

The overall cost of a claim is determined not only by the incident itself, but also by the speed and effectiveness of recovery.

Even moderate physical damage can become a larger financial loss where repairs take longer than expected, specialist contractors are difficult to secure, replacement equipment is delayed or temporary premises have not been considered.

Business interruption planning therefore needs to test real recovery assumptions, not rely on best-case estimates.

What should be visible?

So what should organisations be able to demonstrate in practice? In practical terms, the question is whether the organisation can show that the basics are understood, maintained and acted on.

• Maintenance actions have owners, target dates and close-out records.

• Housekeeping is checked, recorded and escalated where needed.

• Roof, drainage and flood controls are reviewed before severe weather.

• Fire protection measures work together as a complete system.

• Induction, supervision and task controls match the work being carried out.

• Business interruption plans reflect realistic repair and recovery times.

These are the risk mitigation fundamentals. But when they are missed, delayed or hard to evidence, the consequences can become far more expensive.

A year that reinforces the risk mitigation fundamentals

Put simply, 2025 did not change the fundamentals of risk management. It made the cost of weak fundamentals harder to ignore.

Effective risk management is not necessarily more complex. More often, it is the consistent application of proportionate controls that determines whether a routine incident remains manageable or develops into a significant loss.

For a broader view of the risk themes shaping the year ahead, see RiskSTOP’s latest risk management infographic.