What is the Biggest Cyber Threat Today?

Earlier this year, Talbot Jones Ltd joined experts from Aon, Hayes Parsons Insurance Brokers and James Hallam Insurance Brokers to form a Cyber Insurance Power Panel. Meeting quarterly, the panel explores the evolving threat landscape, sector vulnerabilities and how businesses should be protecting themselves. This mid-year session provided valuable insights for any organisation questioning whether cyber insurance and proactive risk management are essential for their future.

Are the threats really changing?

One of the first questions posed was whether the cyber threat landscape has shifted in recent years. The panel agreed that while the types of threats remain largely consistent, the way they are executed has advanced dramatically. Artificial intelligence is accelerating how criminals create highly convincing phishing emails and fraudulent websites. As one panellist put it, “You don’t get hacked, someone logs in” — a reminder that most breaches begin with human error rather than technical exploits.

What are the biggest cyber threats for 2025?

The FBI’s Internet Crime Report highlights three dominant threats: investment scams, ransomware and business email compromise. These threats affect businesses of all sizes, across all sectors.

Selorm (SLO) from Talbot Jones highlighted the importance of looking at three pillars: people, processes and systems. He explained:

“It’s not just one-off training. Cyber criminals are constantly developing quicker, smarter ways to exploit weaknesses. Organisations need continuous staff training, effective policies and robust systems to stay protected.”

This people-first approach underlines the reality that education is as important as technology when defending against threats.

How can businesses prepare for phishing and invoice fraud?

Regular phishing training was identified as essential, including simulated phishing emails. Staff who fall for these simulations can then receive targeted additional training.

Process changes are equally important. For example:

• Making phone calls to verify new bank details.

• Requiring two people to authorise payments over a certain threshold.

These steps can prevent costly mistakes and protect against invoice redirection fraud — a common and devastating attack on SMEs.

What role do tabletop exercises play?

The panel also explored practical exercises to prepare for attacks. Tabletop simulations — where teams walk through a mock cyber incident — help staff understand their roles and responsibilities. This preparation reduces downtime and potential losses if a real event occurs.

Selorm emphasised the role of insurance here, noting that policies often include access to valuable services:

“Clients should make use of the additional services within their policies — from business continuity testing to phishing awareness campaigns — often provided free or at significant discount.”

This shows how cyber insurance is no longer just a safety net, but a proactive tool for resilience.

What about AI and supply chain risks?

Artificial intelligence was described as a “two-edged sword.” While AI helps insurers and brokers analyse data efficiently, it also increases risks of wrongful data collection and privacy breaches. The panel agreed that governance and policy controls around AI use will become a major focus for insurers.

Supply chain risk was also highlighted. According to recent research, 59% of insurance breaches stem from third-party suppliers. Selorm reinforced this point:

“You’re only as strong as your weakest link. Even if you have strong controls, your partners might not — and that can expose your business to significant losses.”

Are SMEs overlooking cyber insurance?

Despite increasing take-up, many smaller businesses still don’t see themselves as cyber targets. As the panel pointed out, this is a dangerous misconception. Criminals often use scattergun tactics — targeting whoever clicks first, not just big brands.

Education is key. SMEs should consider:

• How would your business survive a ransomware attack?

• Could you afford the cost of recovery without cover?

• Would clients continue to trust you if their data was exposed?

For many SMEs, a cyber incident could be fatal without insurance and risk management in place.

What does the future hold for cyber insurance?

Looking ahead, the panel predicted that the market will remain competitive, with pricing stable due to increased insurer participation. The real differentiator will be added-value services — training, simulations, and access to specialist support.

Insurers are also expected to innovate with products tailored to SMEs, sole traders and charities. This expansion reflects a growing recognition that every organisation, regardless of size, is vulnerable.

Final Thoughts

The key message from the Cyber Insurance Power Panel was clear: cyber threats aren’t going away, and SMEs are just as exposed as multinationals. For businesses that still view cyber insurance as optional, the risks are mounting daily.

Selorm summarised it well:

“If your business is vulnerable, it’s valuable.”

At Talbot Jones Ltd, we specialise in helping businesses understand their cyber risks and arrange cover that goes beyond a “piece of paper.” Our focus is on resilience, education and giving clients confidence in a digital-first world.

Learn More

• Cyber Insurance — Explore our dedicated page.

• Contact us — Speak to our team about protecting your business.

• News Section — Stay updated with the latest insights from Talbot Jones Ltd.

This panel took place mid-year, with discussions set to continue every quarter on Insurance Business TV.