Aviva overhauls cyber proposition as AI-driven threats and SME exposure grow

Insurer expands appetite across Cyber Complete and Cyber Respond

Aviva overhauls cyber proposition as AI-driven threats and SME exposure grow

Cyber

By Josh Recamara

Aviva has refreshed its cyber insurance proposition, enhancing cover across Cyber Complete and Cyber Respond as insurers adapt to a threat landscape increasingly shaped by AI.

The update broadens Aviva's appetite and modernises wordings for a wider range of clients, from micro-enterprises to mid-market organisations.

Aviva's Broker Barometer survey found cyber risk tops brokers' list of SME concerns, while separate Aviva research from December found 36% of SMEs ranked cyber as their most significant risk. Official figures bear this out. The government's Cyber Security Breaches Survey 2025/2026 found 43% of UK businesses were breached or attacked in the last 12 months, roughly 612,000 organisations, and that breaches resulting in lost revenue or share value more than doubled year on year, from 2% to 5%. Phishing remained the most common breach type, affecting 38% of businesses.

Cyber Complete modernised and simplified

The update to Cyber Complete, aimed at small and mid-market organisations, brings clearer wording on AI-driven attacks, including deepfakes and digital impersonation. Reputational protection is now standard, covering coordinated deepfake takedown, restoration of public records after identity fraud, and specialist support around the clock.

Crime cover now includes cyber-enabled financial losses, including theft of client funds and social engineering scams, under a refreshed Cyber Crime definition. Aviva has also removed outdated exclusions and simplified client requirements.

Stronger business interruption protection

Business interruption cover has been strengthened to reflect the causes and consequences of disruption, whether from a direct attack or an issue further down the supply chain.

The refreshed cover includes interim payments to support cash flow during recovery, and runs on a Time Franchise basis, so cover backdates to the start of an incident once the waiting period is met.

Additional cover is available for supply chain dependencies, including system failure at outsourced service providers, timely given how many recent UK incidents began with third parties rather than the victim's own systems.

Enhanced cover for small businesses through Cyber Respond

Aviva has also updated Cyber Respond, its product for smaller businesses and micro-enterprises, adding cover for common threats including corporate identity fraud and telephone hacking. Customers across both products retain 24/7 specialist support through Crisis Management cover, allowing immediate advice following an incident without triggering the excess. Both are written on an Any One Claim basis, with the full limit of indemnity applying to each claim rather than being shared across the policy period, and a single excess applies for the entire period on both products.

Richard Taylor, head of cyber and technology at Aviva, said cyber threats continue to evolve quickly and that it's crucial the proposition evolves with them. Aviva has expanded its appetite and strengthened its cover, he said, to help brokers support a wider range of businesses against a growing range of threats, from AI-driven attacks to disruption across the supply chain.

"Cyber risk is a real concern for businesses of all sizes," Taylor said. "Our updates are designed to give our clients confidence that in the event of an incident, they'll be supported by wide-ranging and repeated protection, and a team that understands the risks of today."

Taylor added that while cyber risk can appear complex and fast-moving, Aviva is committed to working with brokers to make it as simple as possible for businesses to stay protected.

A softening market chasing an under-insured segment

The update lands at a pivotal moment for the UK cyber market. DUAL has warned the UK is in "late-stage softening," with rates falling even as claims severity climbs, a trend that could push combined ratios toward unprofitability by 2027. Expanding appetite and limits, rather than competing purely on price, is one way carriers can pursue growth without deepening that slide.

The opportunity on the SME side is significant. UK cyber insurance penetration among SMEs remains below 10%, per S&P Global Ratings, and GlobalData's 2025 UK SME Insurance Survey found 60.8% of SMEs hold no cyber cover, most commonly because they believe they are unlikely to be targeted. Brokers see the category as their standout growth line, with 53.6% expecting cyber to record the strongest growth of any product, per GlobalData's broker survey.

Closing that gap is also a priority for brokers. The British Insurance Brokers' Association made SME cyber education central to its 2026 manifesto, with chief executive Graeme Trudgill highlighting supply chain risk and low SME uptake as priorities.

Aviva's simplified Cyber Respond cover and widened appetite for Cyber Complete position it to compete for that segment, as rival carriers and MGAs push new capacity into a market brokers increasingly view as first-time-buyer territory.

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!