According to a recent report released by Marsh Risk, a business of Marsh, UK business leaders ranked cyber risk as their top concern for the first time, with 46% of business leaders citing it as a top priority, up 3 percentage points from 2024 and 20% from 2023.
Marsh Risk’s UK Business Risk Report surveyed more than 2,000 UK business leaders, including sole traders and businesses with more than 250 employees. The report is designed to provide industry-level insights and practical advice to help organizations prioritize actions, allocate capital and work more effectively with insurers.
The top risks cited by business leaders include cyber threats (46%), economic and financial risks (44%), compliance, legal and regulatory risks (40%) and people-related risks (39%).
The report notes that high-profile attacks, increased digitization and supply chain vulnerabilities have elevated cyber risks to the boardroom level due to widespread operational disruption, potential regulatory risks and reputational damage.
Respondents also highlighted the growing interconnectedness of risks, indicating that organizations are moving towards prioritizing resilience through technology, people and expert guidance.
To do this, organizations are moving from siled risk plans to scenario-based planning and integrated frameworks that combine technology controls, people and processes. Workforce training, supplier monitoring and governance are increasingly priorities. Companies are increasingly turning to expert consulting support to translate complex data into board-level decisions and insurance strategies.
Alistair Brighton, chief executive, UK enterprise and commercial, Marsh Risk said: “Geopolitical tensions, regulatory changes and market volatility clearly continue to impact UK businesses’ long-term planning. Cyber incidents can lead to operational downtime, regulatory risk and reputational damage, while economic or geopolitical shocks can increase network and supply chain vulnerabilities. This interdependence makes siled risk plans ineffective. Boards need clear indicators, realistic scenarios and steps they can take now. They need technical defences, continuous testing, targeted training and training.” Strong supplier due diligence, supported by expert advice. “