UK business leaders have ranked cyber risk as their top concern for the first time, with 46% citing it as a leading concern, up three percentage points from 2024 and up from 20% in 2023, according to a recent report by Marsh Risk, a business of Marsh.
Marsh Risk’s UK Business Risk Report surveyed over 2,000 UK business leaders, from sole traders to businesses with more than 250 employees. The report aims to provide industry-level insight and practical recommendations to help organisations prioritise actions, allocate capital, and engage with insurers more effectively.
The top risks cited by business leaders included cyber threats (46%), economic and financial risks (44%), compliance, legal and regulatory risks (40%), and people-related risks (39%).
The report noted that high-profile attacks, increased digitalisation, and supply chain vulnerabilities have elevated cyber risk to board level, driven by widespread operational disruption, potential regulatory exposure, and reputational damage.
Respondents also highlighted the growing interconnectedness of risks, signalling a shift by organisations towards prioritising resilience through technology, people, and expert guidance.
In response, organisations are moving from siloed risk programmes to scenario-based planning and integrated frameworks that combine technical controls, people, and process. Workforce training, supplier oversight, and governance are rising priorities. Firms are increasingly seeking specialist advisory support to turn complex data into board-level decisions and insurance strategies.
Alistair Brighton, CEO, Corporate & Commercial UK, Marsh Risk, said, “Geopolitical tensions, regulatory change and market volatility are clearly continuing to affect long-term planning for UK businesses. A cyber incident can cause operational downtime, regulatory exposure and reputational harm, while economic or geopolitical shocks can increase cyber and supply chain vulnerability. This interdependence makes siloed risk programmes ineffective. Boards want clear metrics, practical scenarios and steps they can take now. They need technical defences, continuous testing, targeted training and robust supplier due diligence that is backed by expert advice.”
