

The future state of the UK’s cyber market

September 09, 2025
By Vanessa Leemans
Head of Cyber, UK & Lloyd’s
The cyber insurance market is now well established in the United Kingdom. Clients are able to access coverage and to build up their resilience by making use of the risk management capabilities that form part of the cyber insurance solution.
But threat actors are continually honing their own capabilities and the increased use of new attack techniques means that the risk landscape is always shifting.
The global average cost of a cyber breach in 2024 was $4.9 million, according to IBM, a 10% increase compared with the previous year, highlighting the financial impact cyber attacks can have. A SoSafe report predicts that the global cost of cyber crime will reach $10 trillion this year.
As the threat environment evolves, the cyber insurance market in London, and worldwide, must remain focused on sustainability and building up the expertise and knowledge that will help clients face the challenges on the horizon.
The impact of AI
As with all areas of business and society, the rapid development of artificial intelligence solutions is having an impact on both the cyber threat landscape and on clients’ capabilities to build cyber resilience.
There has been a notable uptick in the number of ransomware attacks since 2023, and malicious actors are employing newer technology, including artificial intelligence (AI), to amplify both the volume and effectiveness of their attacks using techniques like phishing or impersonation. Cyberheist reported a 76% increase in phishing attempts in 2024, while, according to Verizon, ransomware was present in about 44% of recent reported breaches.
AI can be used by malicious actors to make ransomware attacks faster and more scalable. AI and generative AI can enable the creation of sophisticated and hyper-realistic videos and audio recordings that are used in phishing attacks.
Furthermore, malicious actors can create and exploit deepfakes that manipulate employees into transferring large sums of money to criminals. In one high-profile example, a deepfake impersonating a company CFO on a conference call convinced a finance worker in Hong Kong to transfer $25 million into fraudulent accounts.
We haven’t yet seen the full scale of what AI could be capable of in terms of cyber attacks. But it’s possible, for example, for attackers to reverse engineer some of the cybersecurity patches that have been published. While we haven’t seen claims stemming from this method, it is just one example of how the cyber risk is likely to change – and will continue to evolve.
AI can, however, also be used to boost organisations’ resilience to attack. AI-powered solutions can be used to increase security defences, detect anomalies, analyse data and automate responses, while keeping cybersecurity teams informed and in charge. An IBM study found that where AI was extensively used in prevention mechanisms, companies experienced costs savings in the region of $2.2 million when a breach occurred.
Emerging risks
There are several other evolving risk areas that our clients and we are monitoring closely. One of those is increasing regulatory scrutiny and the demand for stronger security measures. In the United Kingdom, the recently proposed UK Cyber Security & Resilience Bill would introduce obligations on IT providers and supply chain partners supporting critical infrastructure. The Bill proposes mandatory reporting standards, among other things, and organisations operating in the United Kingdom would need to ensure that they have effective security programs in place to comply with the requirements.
Attackers are becoming more adept at bypassing multi-factor authentication (MFA) controls. It’s important, therefore, that clients explore the use of more advanced MFAs that use contextual data like location, time of day and user behaviour patterns to assess risk.
Cloud attacks are another growing concern. Clients are stepping up their defences against these threats by using multifaceted approaches combining security tools and processes.
Zero Day Vulnerability, where a security flaw is discovered by an attacker but is unknown to the software vendor, meaning no patch or software update is yet available, is another risk area that clients are addressing by having a zero-day patching strategy. Attacks on vendors continue to pose a threat to companies. We encourage our clients to conduct thorough assessments of vendors to identify potential vulnerabilities.
We haven’t yet seen the full scale of what AI could be capable of in terms of cyber attacks.
Continual risk management
The risk picture is shifting; there is definitely more to come.
It’s beneficial to all concerned if we can work with our clients to help them on a journey of continuous risk improvement.
As human vulnerability remains a risk, and the deepfake threat becomes more sophisticated, we urge our clients to take a comprehensive approach to training colleagues. This can mean providing phishing-awareness education using real-life case-studies, among other things. The use of unique passwords and MFAs must be essential practice. And companies should have structures in place to enable colleagues to report suspected deepfakes or other security concerns.
Our clients are also using new tools to better understand and monitor their risks. More are now using inside-out scanning, which enables them to have a more continuous risk management view, compared with outside-in scanning which tends to give a view at one point in time.
Cyber insurance solutions are valuable in helping clients to assess and manage cyber threats. It goes beyond risk transfer and provides clients with a suite of services to help them prevent, prepare for, protect against and prevail over cyber threats. Our cyber services are built on four pillars: services that focus on prevention by assessing security maturity level, identifying risks and defining a cyber security strategy; services that support preparation by identifying vulnerabilities and anticipating attacks; services that prioritise protective efforts and build robust defences around critical assets; and services that help to respond, recover and emerge stronger after an incident.
As we face the future, the evolving threat means it is vital that cyber insurers continue to conduct rigorous risk assessments, remain focused on underwriting discipline and keep a close eye on our risk aggregation to manage exposures. This will facilitate a sustainable cyber insurance market which is what all of us – clients, brokers, insurers and reinsurers – want and need.
To contact the author of this story, please complete the below form
More Articles
- By Product
- By Region
Related Resources
- View All


AI in Focus

Local solutions to global threats: Rethinking cybersecurity in a changing landscape
Global Asset Protection Services, LLC, and its affiliates (“AXA XL Risk Consulting”) provides risk assessment reports and other loss prevention services, as requested. In this respect, our property loss prevention publications, services, and surveys do not address life safety or third party liability issues. This document shall not be construed as indicating the existence or availability under any policy of coverage for any particular type of loss or damage. The provision of any service does not imply that every possible hazard has been identified at a facility or that no other hazards exist. AXA XL Risk Consulting does not assume, and shall have no liability for the control, correction, continuation or modification of any existing conditions or operations. We specifically disclaim any warranty or representation that compliance with any advice or recommendation in any document or other communication will make a facility or operation safe or healthful, or put it in compliance with any standard, code, law, rule or regulation. Save where expressly agreed in writing, AXA XL Risk Consulting and its related and affiliated companies disclaim all liability for loss or damage suffered by any party arising out of or in connection with our services, including indirect or consequential loss or damage, howsoever arising. Any party who chooses to rely in any way on the contents of this document does so at their own risk.
US- and Canada-Issued Insurance Policies
In the US, the AXA XL insurance companies are: Catlin Insurance Company, Inc., Greenwich Insurance Company, Indian Harbor Insurance Company, XL Insurance America, Inc., XL Specialty Insurance Company and T.H.E. Insurance Company. In Canada, coverages are underwritten by XL Specialty Insurance Company - Canadian Branch and AXA Insurance Company - Canadian branch. Coverages may also be underwritten by Lloyd’s Syndicate #2003. Coverages underwritten by Lloyd’s Syndicate #2003 are placed on behalf of the member of Syndicate #2003 by Catlin Canada Inc. Lloyd’s ratings are independent of AXA XL.
US domiciled insurance policies can be written by the following AXA XL surplus lines insurers: XL Catlin Insurance Company UK Limited, Syndicates managed by Catlin Underwriting Agencies Limited and Indian Harbor Insurance Company. Enquires from US residents should be directed to a local insurance agent or broker permitted to write business in the relevant state.
AXA XL, as a controller, uses cookies to provide its services, improve user experience, measure audience engagement, and interact with users’ social network accounts among others. Some of these cookies are optional and we won't set optional cookies unless you enable them by clicking the "ACCEPT ALL" button. You can disable these cookies at any time via the "How to manage your cookie settings" section in our cookie policy.