Outcomes

LMF Cyber Resilience Summit 2025

Insurance professionals from across the London Market gathered at No.6 Alie Street for LMF annual Cyber Resilience Summit, a half-day workshop styled event exploring the rapidly evolving landscape of cyber risk. Facilitated by Roger Oldham, Founder of LMF, the event brought together underwriters, brokers, cyber specialists, technologists and policymakers to assess how the industry should respond to increasingly interconnected and technologically sophisticated threats.

The morning began with a review of market sentiment, revealing a sector that remains cautious despite improved stability. While pricing has eased and capacity has grown, concerns persist about long-term sustainability. Several participants described the market as “steady, but exposed,” reflecting ongoing uncertainty about how well organisations truly understand their risk environments.

Broker & Underwriter Discussion: Stability Masking Complexity

The opening session examined the state of the cyber insurance market. Although claims activity has been relatively consistent over the past two years, brokers and underwriters highlighted that the underlying risk profile is becoming more difficult to model. Many insureds still underestimate their operational reliance on third-party services, cloud platforms and complex supply chains.

One attendee noted that “pricing discipline remains essential, even in a softening market,” emphasising that exposure can quickly escalate in ways that are not yet fully captured in traditional underwriting frameworks. Brokers added that coverage clarity—particularly around cyber-physical losses, business interruption and AI-related incidents—remains a point of contention for many clients.

NCC Group Session: Supply Chain Attacks and AI-Enabled Threats

A detailed session led by NCC Group focused on the rising complexity of supply chain attacks. The group presented evidence that attackers are increasingly exploiting indirect access through suppliers, vendors and service providers. Credential theft and infostealer malware continue to proliferate, creating an active criminal ecosystem where compromised access is traded at scale.

NCC also highlighted the acceleration of AI-driven cyber threats. Recent attack data shows emerging malware strains capable of rewriting their own code to bypass detection, supported by small language models hosted outside major regulatory jurisdictions. This shift marks a significant change in attacker capability. One NCC analyst stated, “AI is now a live factor in the threat environment, allowing attackers to iterate and adapt far faster than before.”

The session reinforced that traditional defensive measures may struggle against autonomous and adaptive attack techniques, raising important questions for both businesses and insurers. Click here to continue the conversation with NCC Group. Big thanks to Chantal Constable and David Brown of NCC Group, Stephen Owen, CISO atIQUW and Richard Breavington, Partner at RPC.

DSIT Session: Governance, National Resilience and Cyber Policy Direction

We were delighted to be joined by the Department for Science, Innovation and Technology (DSIT) from HM Government, who provided an overview of the UK’s evolving cyber policy landscape. Central to this is the Cyber Governance Code of Practice, which aims to strengthen board-level accountability and embed cyber risk into organisational strategy. The Code focuses on risk management, incident preparedness, people, strategic oversight and assurance.

DSIT also discussed ongoing initiatives designed to raise cyber resilience across the wider economy, including updated SME guidance, targeted broker training and national communications campaigns. One official noted that “strong governance is becoming the anchor of the UK’s cyber resilience efforts,” emphasising that regulatory, commercial and operational expectations are increasingly aligned. The Government representatives enjoyed an open discussion with our attending practitioners from the London Market. DSIT thanked LMF for the years of ongoing support and looks forward to an ongoing dialogue.

Risk Ledger Session: Mapping Supply Chain Depth and Concentration Risk

A follow-on session introduced new findings on supply chain mapping and concentration risk, using data from Risk Ledger’s recent cross-sector studies. Their work with six UK financial institutions identified more than 1,300 suppliers across third-, fourth- and fifth-party ecosystems, alongside 47 systemic concentration risks. Notably, nine critical suppliers were found to support at least half of all participating firms, including several smaller vendors that organisations had not initially identified as shared dependencies.

Similar trends emerged in the public sector. An assessment of 18 UK local authorities mapped 831 suppliers and highlighted 45 concentration risks. The findings underscored the depth and complexity of modern supply chains, illustrating how risk can accumulate far beyond an organisation’s immediate line of sight. Thank you to Justin Kuruvilla from Risk Ledger.

Conclusion: A Collective Effort for a More Resilient Market

As the formal agenda drew to a close, attendees continued discussions over lunch, reflecting on the insights shared throughout the morning. The Summit highlighted a clear message: cyber risk is evolving rapidly, with supply chain dependencies and AI-enabled threat techniques driving much of the change. The London Market, with its concentration of expertise and capacity, has a crucial role in strengthening resilience across the wider economy.

LMF emphasised its commitment to sustaining this dialogue through upcoming sessions focused on data trust, technological innovation and supply chain resilience. The 2025 Cyber Resilience Summit reaffirmed the importance of collaboration, intelligence-sharing and strong governance as the foundation for the Market’s ongoing response to cyber risk.

If you’re not yet part of this growing community of practitioners, now is the time to join the conversation.