A large majority of UK businesses are now using or exploring artificial intelligence (AI) despite ongoing concerns about rising cyber threats, new data from QBE showed.
According to the business insurer’s latest research, 95% of UK companies have either adopted AI or are assessing its potential use. At the same time, 80% believe cyber threats are increasing and more than half, or 53%, experienced a cyberattack in the past year.
QBE’s Control Risks Report projected a 50% rise in significant UK cyber incidents by the end of 2025 as digital adoption continues across sectors.
While businesses are turning to AI to improve efficiency and manage costs, QBE has emphasised the need for greater awareness of associated risks and the steps required to address them.
The findings showed a generally positive outlook on AI, with 87% of respondents expecting it to benefit their business and 86% predicting it will support broader economic growth in the UK within two years. Currently, 71% of businesses are using AI tools, while 24% are in the early stages of evaluation.
The study also pointed to growing concern around cyber exposure. A majority of respondents believe the number of cyberattacks has increased over the past 12 months and 53% reported experiencing at least one incident. In 16% of the cases, the attack caused disruption lasting a full working day or more, according to the report.
Of those affected by cyberattacks, 56% said the source was linked to a supplier, suggesting that third-party services, including those involving AI, may increase exposure to security breaches.
The UK is currently the largest AI market in Europe, with an estimated value of £72.3 billion, and ranks behind only the United States and China globally. While the technology is seen as a driver of economic activity, it is also being used by criminal groups to carry out fraud and extortion targeting businesses of various sizes.
QBE’s research found that 95% of businesses are using or exploring AI. Eighty per cent (80%) expressed concern about cyber threats in the year ahead. Meanwhile 53% said they had experienced a cyberattack in the past 12 months. Among those incidents, 56% were linked to suppliers. Half of the businesses affected reported a loss of revenue, the study showed.
Seventy-four per cent (74%) of respondents said they expect to increase their cyber security budgets over the next year. Of those, 46% plan to raise spending in line with inflation, while 27% intend to go beyond it. The research also found that 16% of businesses do not currently have a response plan in place for cyber incidents.
The QBE report also noted that Europe and North America saw a near 50% increase in significant cyber incidents between 2023 and 2024. This figure is expected to rise by another 20% globally, reaching around 233 incidents by the end of 2025. In the UK, reported incidents rose from 16 in 2023 to 24 in 2024 and are forecast to reach 36 this year.
While some cyber incidents are linked to geopolitical tensions, the report stated that most are the result of criminal activity, driven by opportunistic targeting and a higher tolerance for risk.
In 2024, deepfakes featured in close to 10% of successful attacks, with financial losses ranging from US$250,000 to more than US$20 million.
QBE is advising businesses to evaluate their cyber exposure when implementing AI technologies, focusing on critical assets and systems. The company also recommended strengthening monitoring and network resilience measures.
David Warr, cyber portfolio manager at QBE, said organisations need to address cyber risks across their entire IT ecosystem, including third-party suppliers. He noted that while AI can improve cyber defences by identifying vulnerabilities and supporting faster responses, it can also be used by threat actors to launch more sophisticated and widespread attacks. He added that regular staff training remains essential, as even well-designed systems can be undermined without it.
QBE also recommended that businesses keep systems updated with the latest security patches, monitor all applications and systems for potential threats, establish an incident response plan, and ensure appropriate cyber insurance is in place. It also advised providing regular cybersecurity training for staff.
In January 2025, the UK Government published its Code of Practice for the Cyber Security of AI, which sets out guidance for addressing risks specific to AI technologies. QBE is encouraging businesses to follow the recommendations, which include embedding security throughout the AI lifecycle and ensuring strong data controls and supply chain resilience.
