UK cyber breach rate holds at 43% as AI widens attack threat

Government data and industry warnings point to a widening gap between AI-enabled attacks and client readiness

UK cyber breach rate holds at 43% as AI widens attack threat

Cyber

By Mark Rosanes

Businesses across the UK are being urged to act on their cyber defences. The UK government warned in an April open letter that artificial intelligence is accelerating attacks faster than previously anticipated.

The government's open letter to business leaders stated that AI is now capable of "finding weaknesses in software, writing the code to exploit them and doing so at a speed and scale that would have been impossible even a year ago." AI cyber capabilities are "accelerating even faster than had been previously envisaged," it added.

The warning aligns with official government data. The Department for Science, Innovation, and Technology (DSIT) and the Home Office published the Cyber Security Breaches Survey 2025/2026 in April, finding that 43% of UK businesses experienced a breach or attack in the prior 12 months. Phishing was the dominant attack type, reported by 38% of all businesses.

AI is not introducing new attack categories. It is lowering the barrier to entry. Capabilities once limited to well-resourced threat actors are now accessible to a broader class of attacker.

Readiness gap widens for commercial clients

Automated reconnaissance, targeted phishing, and rapid vulnerability exploitation are becoming standard tools for less sophisticated actors. Aon's 2026 Global Risk Management Survey ranked cyber-attacks and data breaches as the top enterprise risk, with that position expected to hold well into 2028.

Many businesses describe themselves as only "somewhat prepared." Rob Kemp, CEO of commercial risk in the UK for Aon, cited fragmented governance and limited testing of AI-driven incident scenarios as contributing factors. He added that some organisations are "still viewing AI as a future issue and delaying the implementation of critical cyber risk management strategies."

The DSIT survey supports that picture. Only around a quarter of UK organisations already using or adopting AI said they have security practices in place to manage the associated risks.

Underwriters are responding to the same readiness gap. Insurers are updating risk models to account for AI-accelerated attacks and examining clients' access controls, resilience, and incident response planning more closely.

Coverage terms under the microscope

Reviewing whether cyber policies respond adequately to AI-related incidents is now a standard advisory step. Policy wordings are under active market scrutiny. Some carriers are moving to address AI-enabled attacks through endorsements or exclusions.

Clients that cannot demonstrate robust governance face narrowed options at renewal. The recommended baseline includes timely patching, vulnerability remediation, multi-factor authentication, and tighter privileged access controls. Incident response plans need updating to cover AI-enabled attack scenarios.

Board-level AI risk dashboards should be in place with defined ownership of remediation actions. Benchmarking client controls against sector peers is becoming a standard part of the pre-renewal conversation. It is increasingly a factor in what coverage is available and at what price.

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!