Financial and professional services businesses underestimate impact of disruption from a cyber attack, Beazley report finds
Across industries, resilience is increasingly defined not by whether disruption occurs, but by how far it spreads, how long it lasts and how quickly organisations can recover – a definition that contrasts with the high levels of confidence many businesses express in their cyber resilience.
This overconfidence is particularly evident in sectors heavily reliant on supply chains, such as retail and manufacturing, where despite 87% feeling resilient against cyber threats, ransomware attacks result in an average of 11.6 days of business downtime* and a 6-18+ month impact timeline.
At the same time, AI is emerging as both an opportunity and a risk multiplier. While it is expected to drive productivity and growth, it also introduces new vulnerabilities, requiring businesses to scale governance and controls in line with technological advancement.
Alessandro Lezzi, group head of Cyber Risks at Beazley, comments: “What stands out in this year’s Risk & Resilience survey findings is a growing misalignment between cyber and tech risk concern and perceived perception of resilience to these risks. While cyber risk is widely recognised as the number one threat facing businesses globally, 80% believe they could fully recover financially from a cyber attack, demonstrating many financial and professional service organisations are overestimating their preparedness to withstand the full impact of an attack across all corners of their operations
“That gap matters because cyber risk is becoming more systemic – the high profile incidences in 2025 only prove this. As businesses become more interconnected and adopt technologies such as AI, disruption can spread faster across organisations and supply chains making incidents harder to contain.
“It’s encouraging to see however that over 40% of financial and professional service businesses plan to invest in stronger cyber security, including access to specialist expertise to help them better understand their exposure, strengthen incident response and plan for realistic disruption scenarios across the organisation.”
For Beazley’s full report please follow link here.