Aon has released the UK results of its 2025 Global Risk Management Survey, highlighting trends in risk management and governance among UK businesses.
According to the survey, 78.6% of UK respondents report direct board involvement in risk oversight, compared with 61.4% globally. This suggests that senior leadership in the UK is taking a more active role in managing business risks.
The survey also found that 75.4% of UK firms have dedicated risk or insurance departments, exceeding the global figure of 68.4%. UK organisations are more likely to rely on brokers for identifying major risks, with 78.3% doing so versus 55.7% globally. This indicates a preference for specialist advice alongside internal expertise.
Cyberattacks and data breaches, business interruption, and economic slowdown are identified as the top current risks for UK businesses. Looking to the future, UK firms are notable for ranking artificial intelligence and increasing competition among their top five emerging risks for the next three years. This reflects a focus on both technology-driven and traditional risk exposures.
In terms of risk quantification and management, 68.8% of UK organisations measure their total cost of insurable risk, compared to 54% globally. Three-quarters of UK firms currently operate or plan to establish a captive insurance vehicle, pointing to a more advanced approach to risk financing and governance.
Rob Kemp (pictured above), head of commercial risk for Aon UK, commented on the findings, saying, “The findings show that UK boards are adopting a more structured and data-driven approach to risk oversight. Many are using analytics and specialist insight to better understand emerging risks - particularly around technologies such as AI – as well as to balance innovation with regulatory and ethical considerations.”
Kemp noted that the current risk environment “demands more than incremental change,” and that leaders should view resilience as a source of competitive advantage, using data and analytics to anticipate disruption and act decisively.
The 2025 survey previously revealed that geopolitical volatility has entered the top 10 global risks for the first time, signalling a shift in the risk landscape for insurers, brokers, and policyholders. This development reflects growing instability in trade flows, supply chains, and financial performance, and has led to increased demand for political risk, contingent business interruption, and trade credit coverage.
However, the survey found that only 14% of organisations track their exposure to the top ten risks, and just 19% use analytics to measure the value of their insurance programmes.
Cyberattack or data breach continues to be the number one risk globally, both now and in the future. Despite its prominence, only 13% of respondents have quantified their cyber exposure, contributing to widespread underinsurance.
Meanwhile, MS Amlin provided commentary on the findings, with insights from its senior underwriting and catastrophe research team.
Tim Finch, MS Amlin’s lead underwriter for financial lines, addressed the risks associated with the rapid adoption of artificial intelligence by firms. Finch noted that as companies compete to demonstrate their AI capabilities, there is a risk that leaders may overstate the functionality of their systems.
"So-called ‘AI-washing’ can trigger investor backlash and regulatory action, and poses a growing liability risk for executives.” Finch added that increased scrutiny from regulators and investors raises the potential for legal claims against companies and their executives, whether for misrepresentation or shortcomings in AI governance and technology.
“Company leaders must ensure all AI-related statements to investors are accurate and well substantiated. Transparency in communication and appropriate insurance and risk-management measures are now an essential part of responsible AI adoption," he said.
Martin Burke, chief underwriting officer at MS Amlin, discussed the impact of cyberattacks on business reputation and customer retention. Burke cited research showing that a company affected by a cyber incident could risk losing a third of its prospective customers, with 36% of consumers indicating they would view a firm negatively if it lost customer data or was forced to halt normal service.
“Cybercrime today is as much a real-world risk as extreme weather and political unrest, and is just as fluid and unpredictable. Businesses and brands need to ensure they’re treating it as such to avoid the lasting ramifications we’re seeing play out around high profile cyber attacks in the last few months," Burke said. "This is where the insurance market plays a crucial role. While the financial cost of a cyber attack can be staggering, the implications are even more complex, reaching far beyond the company that has been targeted into the community and - ultimately - the wider economy.”
What are your thoughts on this story? Please feel free to share your comments below.
