Brian Sims
Editor
THREE IN every four UK businesses are concerned about the cyber risks arising from their vendors and suppliers using Artificial Intelligence (AI), yet only 28% of AI-using businesses have taken steps to assess or audit their third party suppliers’ AI systems. That’s one of the key findings unearthed in the latest research study completed by the QBE Insurance Group.
Using AI is now standard practice for UK businesses, with 97% of those organisations surveyed already using it or otherwise looking into doing so, which is up from 95% last year. Despite this, only 35% of AI-using businesses have a formal AI usage or governance policy in place.
QBE Insurance Group warns that the growing gap between AI adoption and risk management means businesses could be exposed through their supply chains at a point in time when cyber threats are accelerating.
The number of UK businesses experiencing cyber events is increasing, as is the number of companies linking these episodes to the supply chain. The share of UK businesses that experienced a cyber event in the last 12 months rose from 53% in 2025 to 59% in 2026. Among those affected, 59% reported supplier-related events (up from 56% in the previous survey), with 22% saying that all or most of the attacks they suffered involved a supplier.
Increasing cyber risk
David Warr, portfolio manager for cyber at QBE Europe, noted: “AI is now commonplace for UK businesses. While this brings commercial benefits, it also increases cyber risks, notably so across supply chains. Our research reveals that three in every four businesses recognise this risk, but only a small proportion are checking how their suppliers are using AI. This widening gap is concerning.”
Warr added: “Even with robust internal controls, an organisation could be exposed to attack through a third party with weaker defences. As AI adoption accelerates, businesses need to address this emerging risk. Auditing the supply chain is now a key responsibility of cyber risk management.”
The financial consequences and business interruption are also worsening year-on-year. Among businesses that reported a cyber event in the survey, the proportion suffering revenue loss rose from 50% in 2025 to 59% in 2026. Of all UK businesses, 22% experienced a cyber event that caused a disruption of more than one working day (that’s up from 16% in 2025).
New type of risk
Concern about cyber threats remains high, with 82% of UK businesses suggesting they’re concerned about the threats they may face over the next 12 months. A new type of risk seems to be emerging, with 23% of UK businesses experiencing a cyber incident which they believe leveraged AI. The most commonly reported methods included phishing (49%), malware (46%) and business e-mail compromise (42%).
UK businesses are responding to the changing cyber risk landscape with increased investment. Indeed, 79% expect their IT cybersecurity budget to increase over the next 12 months (up from 74% in 2025), with 32% planning increases beyond the rate of inflation.
In order to tackle cyber threats, businesses should:
*identify critical assets, threats and vulnerabilities in order to gain a clear overview of exposure
*define acceptable risk so that organisational leadership can set boundaries
*prioritise mitigation strategies (and direct resources towards areas of greatest impact)
*test contingency plans and recovery protocols
*stress test crisis management
*incorporate third party expertise to help manage residual and emerging risks
*continuously adapt cyber defences to match evolving threats, technology and business needs
When it comes to mitigating third party vulnerabilities, businesses should:
*assess and audit third party and supplier AI systems as part of their standard vendor due diligence
*implement strong identity and access management protocols
*run regular configuration audits
*encrypt sensitive data across all cloud environments
*evaluate the security posture of their third party providers
*establish clear protocols for managing supply chain exposure
Study methodology
On behalf of the QBE Insurance Group, Opinium surveyed 400 decision-makers looking after IT, administration or insurance in businesses with 100-2,000 employees in the UK. The survey was conducted between 31 March and 17 April. Last year, Opinium surveyed a similar sample from 10-29 April.
The 2026 Opinium survey on AI and cyber risks for QBE covers 15 countries (the UK, Australia, Canada, Denmark, France, Germany, Hong Kong, Italy, the Netherlands, New Zealand, Singapore, Spain, Sweden, the United Arab Emirates and the US), generating a total sample size of 6,000-plus businesses.
*Further information is available online at www.qbe.com
Western Business Media Limited
Dorset House
64 High Street
East Grinstead
RH19 3DE
UNITED KINGDOM