Cyber risk dominates
39% selected cyber risk – data breaches, criminal threats and widespread outages – as their top risk concern, up from 27% in 2025.
Cyber risk is now the number one threat concern of UK executives. What was once seen as an IT problem has become a serious business risk, with the potential to disrupt operations, damage reputation and spread across supply chains with lasting impact.
Our tracking of UK executives shows strong concern about cyber risk, but also high confidence in existing resilience measures. Many believe they would recover fully - financially and reputationally - after a cyber incident. In reality, this confidence is likely to be misplaced.
Cyber criminals are increasingly using AI driven tools to run fast, large scale phishing and reconnaissance attacks. These automated systems exploit the connected nature of modern technology, making attacks quicker, smarter and far harder to detect or contain. As a result, cyber threats are escalating across the UK economy, with less warning and greater consequences.
Resilience today must be built into everyday business planning, not treated as a one off exercise. UK organisations need clear, well tested business continuity plans that allow them to respond quickly and effectively to cyber incidents.
Planning should also consider the real cost of an attack. This includes understanding how much financial impact the business can absorb, what cyber insurance is in place, where cover may be limited, and where controls or processes have gaps. Without this clarity, recovery will be slower, more expensive and more disruptive.
Source: Beazley Risk & Resilience Surveys.
The data shows a clear shift in UK risk priorities. Cyber risk rises sharply this year, overtaking all other risks, reflecting escalating threat intensity.
Tech disruption and intellectual property (IP) risk concern steadily declines, while concern over technology obsolescence peaked last year, suggesting AI-related short‑term transition pressures followed by anticipated stabilisation this year.
Our survey responses reveal rising confidence in UK organisational resilience across all four risk areas. Resilience levels increased sharply between 2024 and 2025, and stabilise at a high level through this year.
This suggests improved perceived preparedness, driven by stronger planning, controls and investment, even as risks continue to evolve.
UK-based executives are prioritising resilience investments that emphasise innovation and capability building. The strongest focus is on new technologies such as AI, signalling a shift toward technology‑led cyber resilience. Investment in improved cyber security remains a core priority, while around a third of executives plan to explore risk management services and insurance solutions that include crisis support to mitigate the impacts of a cyber incident.
Source: Beazley Risk & Resilience surveys.
Smaller organisations are more exposed to disruption and technology obsolescence due to limited resources and legacy systems. They are often reactive, with IP risk secondary to short‑term operational continuity driven by cyber threats.
Larger organisations report higher cyber risk concern and technology obsolescence risk, reflecting wider digital footprints, complex supply chains and higher regulatory and reputational exposure.
Perceived preparedness is high across both small and large organisations for cyber and technology risks, exceeding 79% in all categories.
Large organisations consistently report slightly higher confidence, particularly for cyber risk and IP risk, reflecting stronger resources and governance.
Small businesses in the UK expect cyber incidents to drive long term disruption and management burden, while large UK organisations are more concerned about data loss, regulatory fines and reputational damage. This reflects larger firms’ greater regulatory exposure and public visibility, whereas small businesses feel the operational impact of a cyber incident more immediately.
Cyber risk concern varies widely among UK-based executives. Manufacturing, Retail and Food & Beverage executives show the highest concern (60%), followed by Tech, Media & Telecoms (52%). Healthcare, Hospitality and Commercial Property report comparatively low concern, suggesting uneven risk perception across sectors with differing threat exposures.
Perceived preparedness is high across all industries. Tech, Media & Telecoms lead with 94%, followed by Transportation (88%) and Manufacturing (87%). Even sectors with lower concern, such as Hospitality and Healthcare, report strong confidence, indicating optimism that may mask operational or sector specific cyber weaknesses.
Perceived cyber attack impacts vary sharply by sector. Data loss and regulatory exposure dominate concerns in transport, technology and healthcare and life science, while financial and professional services organisations prioritise long term business disruption.
Public sector respondents highlight third party liability, and reputational damage is most acute for technology and consumer facing industries.