Aon warns businesses lag on AI cyber risk as London insurance market stays soft

AI cyber-offence doubles every four months as premiums fell 11% in 2025. Aon warns this soft market leaves businesses underprepared for faster attacks.

Categorized in: AI News Insurance
Published on: Jul 17, 2026
Aon warns businesses lag on AI cyber risk as London insurance market stays soft

Aon has called for stronger cyber risk management practices after a UK government open letter warned that AI cyber-offence capability is now doubling roughly every four months - twice the previous rate. The warning lands in a soft insurance market where cyber premiums fell 11% in 2025 even as incident volumes climbed, leaving many businesses underprepared for attacks that move faster than governance and policy wordings can adapt.

The government's AI Security Institute found that frontier models, including Anthropic's Mythos, are substantially more capable at cyber offence than any system assessed before. Rob Kemp, CEO of Commercial Risk in the UK for Aon, said the firm's Global Risk Management Survey identified cyber attacks and data breaches as the top enterprise risk in 2026, expected to continue into 2028. "Many businesses describing themselves as only somewhat prepared - citing fragmented governance and limited testing of AI-driven incident scenarios," Kemp said.

Some organisations still treat AI as a future issue and delay critical cyber risk strategies, Aon noted. The broker said AI has not changed the fundamentals of cyber risk management but has significantly increased the scale and likelihood of attacks. It urged businesses to focus on core controls - patching, vulnerability remediation, staff training on phishing and social engineering - and stress-test them against AI-enabled scenarios, including checking whether existing policies respond to AI-related incidents.

The attribution problem and London's exclusion wordings

Faster reconnaissance, automated exploitation and harder-to-trace attack chains make quick attribution to a specific actor increasingly difficult. The insurance market's traditional approach of denying claims under "hostile/warlike action" exclusions was tested in the Merck & Co. v. ACE American Insurance Co. dispute over the 2017 NotPetya attack. US courts sided with Merck, finding that a Cold War-era war exclusion could not cover a cyberattack with no formal declaration of war. The case ended in an undisclosed settlement in early 2024, but the underlying finding stood.

Against that backdrop, London's model wordings have shifted. The LMA's LMA5567A/B clauses move the exclusion test away from attributing an attack to a state and toward whether it caused significant impairment at a national infrastructure level. Instead of arguing over who was behind an attack before cover kicks in, the newer wording asks how much damage it actually did to critical national infrastructure - a practical response when attribution is slow or impossible.

Soft market persists despite rising threats

The UK cyber insurance market remains highly competitive. Broker Lockton found that cyber premiums fell by an average of 11% across 2025, while the number of insurers underwriting cyber risk in London grew from around 25 in 2020 to roughly 45 in 2025. Marsh's 2026 UK cyber outlook similarly describes rising demand and expanded capacity keeping premiums relatively low, with new AI-specific products beginning to emerge.

That pricing environment sits awkwardly alongside tightening regulation. The Cyber Security and Resilience Bill, now before the House of Lords, is expected to broaden mandatory security and incident reporting requirements to more managed service providers, data centres and critical suppliers. High-profile incidents such as the 2025 cyberattack on Jaguar Land Rover have driven awareness, yet a GlobalData survey found more than 60% of UK SMEs still carry no cyber cover at all.

What brokers should do now

A soft market gives brokers leverage to push clients toward broader cover rather than just cheaper cover. That means checking whether a client's existing wording responds to an AI-enabled incident, not only a conventional data breach. It also means understanding where the LMA5567A/B threshold would leave a client exposed if a state-linked attack fell short of "significant impairment" of national infrastructure. With capacity still abundant, brokers can negotiate broader terms now - because that negotiating power tends to disappear quickly once a market-changing loss resets pricing. For brokers, staying current on AI for Insurance is essential to helping clients close coverage gaps.

Why this matters for insurance professionals

The gap between rising AI-enabled threats and still-developing governance - in both corporate risk management and insurance exclusion wordings - means insurers and brokers are chasing a threat moving faster than their frameworks. For brokers, the immediate opportunity is to use current market conditions to secure broader coverage that explicitly addresses AI-driven incidents, before a major loss event forces a hard market and leaves clients exposed.


Get Daily AI News

Your membership also unlocks:

700+ AI Courses
700+ Certifications
Personalized AI Learning Plan
6500+ AI Tools (no Ads)
Daily AI News by job industry (no Ads)