More than 9 in 10 UK businesses (95%) are now using Artificial Intelligence (AI) or looking into it, despite 80% believing cyber threats are rising and over half (53%) of all UK businesses experiencing a cyber attack in the last year, according to new research from business insurer QBE.
QBE’s latest Control Risks Report forecasts by the end of 2025, the number of significant UK cyber incidents will increase by 50%.
As UK businesses adopt AI to leverage new efficiencies and reduce costs, QBE is warning businesses of the evolving cyber risks and how they should manage them.
Research from QBE* reveals an optimistic technology outlook, with 87% of respondents saying AI will have a positive impact on their business and 86% believing it will lift the wider UK economy within two years. Already, 71% of UK businesses are using AI, with an additional 24% looking into it.
The same study highlights a parallel rise in cyber risk; 85% of businesses feel cyber attacks have increased in the UK during the past 12 months and more than half (53%) have experienced at least one incident themselves in the same period.
One in six businesses (16%) experienced a cyber attack that disrupted their activities for a working day or longer.
Among businesses that experienced a cyber attack, more than half (56%) said that some or all of these were related to a supplier, demonstrating how third-party platforms, including AI services, can widen the threat landscape.
The UK has the largest AI economy in Europe, valued at £72.3 billion, and the third largest in the world following the United States and China[1]. Whilst AI brings in substantial economic advantages, it is also being exploited by cybercriminals to carry out fraud and extortion against businesses of all sizes.
QBE’s research on cyber risks and AI in the UK:
- 95% of businesses are using AI or looking into it
- 80% are concerned about the cyber threats their business may face in the next 12 months
- Majority of businesses (53%) experienced a cyber attack in the last 12 months
- More than half of cyber attacks in the last 12 months (53%) were related to a supplier
- 50% of cyber attacks led to a loss of revenue
- 74% of businesses anticipate increasing their cyber budget in the next 12 months (46% in line with inflation and 27% beyond)
- One in six businesses (16%) don’t have an incident plan to respond to a cyber event
According to QBE’s latest Control Risks Report, Europe and North America experienced a near 50% growth in successful, significant and disruptive cyber incidents between 2023 and 2024. These destructive global cyber attacks are expected to rise further by ~20% to 233 by the end of 2025. In the UK, significant cyber incidents increased by 50% from 16 in 2023 to 24 last year. This year, they are expected to increase again by 50% to 36 by the end of 2025.
The QBE Control Risks report also outlines that while geopolitically motivated attacks are key drivers of digital disruption, the majority originate from cybercriminals, which are more frequent due to the higher risk appetite and broader targeting.
Last year, deepfakes were used in nearly 10% of all successful cyber incidents, with losses ranging from USD 250,000 to over USD 20m[2].
QBE advises businesses to regularly assess their cyber risk profile when implementing AI software, identifying their most critical data assets and technologies. This should be complemented by continuous improvements to monitoring and overall network resilience.
David Warr, QBE Insurance Portfolio Manager for Cyber, said:
"Businesses are increasingly interconnected, and even the strongest internal cybersecurity measures can fall short if vulnerabilities exist within their supply chains. It’s essential for organisations to assess and secure their entire IT ecosystem, including third-party partners.
“Artificial Intelligence presents both challenges and opportunities in cybersecurity. As AI tools become more accessible, cybercriminals are able to execute faster, more widespread attacks. This heightened threat environment requires vigilance and ongoing training. At the same time, when effectively managed, AI can enhance cyber defences by identifying weaknesses and enabling quicker responses.
“Organisations of all sizes, in the UK and globally, must strengthen their cyber resilience—both to prevent threats and to ensure they can respond swiftly and effectively if an attack occurs. You can have the best systems in the world, but these will be vulnerable unless you have regular staff training."
QBE’s tips for businesses:
- Keep critical systems up to date with security patches.
- Monitor all applications and systems exposed to cyber threats.
- Establish an incident response plan and ensure you have adequate cyber insurance in place.
- Provide ongoing cybersecurity training for employees.
In January 2025, the UK Government published its Code of Practice for the Cyber Security of AI, addressing the unique cyber risks associated with AI technologies [2]. QBE urges UK businesses to follow these guidelines which advise building AI systems where security is embedded from the outset, from development to deployment, and to implement robust data governance, model protection, and resilient supply chains.
*Methodology
QBE surveyed 3,600 experts (decision makers of IT, administration or insurance in businesses) in April 2025 across nine countries (UK, France, Spain, Germany, Spain, Italy, Denmark, Sweden, Canada, Netherlands) to explore business use of AI and perceptions on cyber threats. In the UK, 400 decision makers in businesses employing 100 to 2,000 people participated in the field work, which took place from 10 to 29 April 2025.
About Cyber at QBE
QBE has developed a range of tools and risk services for their clients to help them reduce their cyber risk and assist with recovery during a cyber event. For more information, please visit: https://qbeeurope.com/products/cyber/.