An alarming escalation in state-linked cyber activity has emerged just as British insurers and brokers contend with an unprecedented rise in digital threats, raising questions about whether the UK’s cyber-defence and insurance frameworks are keeping pace with rapidly evolving risks.
The US artificial intelligence developer Anthropic has disclosed that it disrupted what it describes as the first publicly documented cyber-espionage campaign driven largely by autonomous AI. The operation, attributed to a Chinese state-sponsored group known as GTG-1002, relied on Anthropic’s Claude Code system to identify vulnerabilities, harvest credentials and extract sensitive information with minimal human oversight.
Beijing has rejected suggestions of state involvement, insisting that China opposes all cyberattacks.
The developments come against the backdrop of a worsening domestic cyber climate. Nearly half of small finance and insurance firms in the UK experienced a security breach in the past year, according to money.co.uk’s analysis of government data. The sector now ranks among the three most heavily targeted, with cyber incidents costing small and micro-businesses an estimated £921 million annually.
The National Cyber Security Centre has warned that the threat is now “a matter of business survival”. Finance and insurance firms, which manage large volumes of confidential data and financial transactions, remain highly exposed to phishing and invoice-fraud schemes. While the estimated annual cost of attacks in this category stands at £16.5 million, analysts believe this figure may be reduced by the sector’s use of cyber insurance and regulatory safeguards.
Shifts in workplace habits have added further complexity. The growth of flexible and shared workspaces, often reliant on communal networks and unsecured devices, has created new entry points for criminals. Meanwhile, the end of security updates for Windows 10 has left millions of UK devices reliant on outdated protections, increasing vulnerability across supply chains and support services.
Insurers are already feeling the strain. According to the Association of British Insurers, cyber insurance claims soared 230 per cent last year, with UK insurers paying out £197 million to businesses hit by digital attacks. Malware and ransomware accounted for more than half of all claims.
Demand for cyber cover rose 17 per cent over the same period as firms sought protection from increasingly disruptive attacks. Industry specialists say AI is playing a growing role in enabling ransomware gangs to refine phishing campaigns, scour networks for high-value assets and automate elements of intrusion.
Read more: Average ransom paid hits nearly £1 million
Market practitioners note that many claims now involve multi-layered incidents spanning suppliers, cloud providers and outsourced IT functions. The broader impact on UK businesses extends well beyond direct financial losses to operational downtime, reputational damage and regulatory scrutiny.
The government has introduced the Cyber Security and Resilience Bill, seeking to modernise the UK’s cyber governance framework. The legislation expands the scope of the Network and Information Systems Regulations to cover medium and large IT service providers, including firms responsible for help desk support, security monitoring and outsourced digital operations.
These providers, many of which enjoy privileged access to critical infrastructure, would for the first time be subject to regulated security standards and mandatory incident reporting. Regulators would gain new powers to designate certain suppliers as essential to national resilience, requiring stricter oversight and minimum protective controls.
Read more: Cyber insurance claims surge 230% in the UK
The government argues that a serious attack on critical infrastructure could have severe economic consequences. The Office for Budget Responsibility estimates that a major incident could increase public borrowing by more than £30 billion. Recent analysis suggests that the average cost of a significant cyberattack on a UK organisation exceeds £190,000, amounting to nearly £15 billion in annual losses.
Ministers say the Bill is intended to give regulators sharper tools to intervene when threats emerge, including directing NHS trusts, utilities and similar entities to isolate systems or enhance monitoring during periods of heightened risk.
For brokers advising clients in the UK’s financial and professional services sectors, the convergence of AI-enabled espionage, ransomware escalation and regulatory hardening presents a set of intertwined challenges.
First, autonomous cyber operations, as demonstrated in the GTG-1002 campaign, signal a future in which attacks may develop too quickly for traditional controls to respond. For insurers and brokers, this raises critical questions around underwriting models, aggregation exposure and limits adequacy.
Second, claims inflation and the proliferation of supply-chain-driven incidents will require more granular risk assessments, particularly for clients reliant on third-party IT providers now facing new regulatory obligations.
Third, boards are increasingly treating cyber security as a strategic risk rather than a compliance function. This shift is expected to drive stronger demand for advisory-led insurance placements that incorporate incident response planning, vulnerability assessment and employee training.
Finally, Anthropic has urged organisations to explore the use of AI in their own defensive strategies, from security operations automation to advanced threat detection. The company emphasises that the same capabilities exploited for attacks can, under robust safeguards, provide unprecedented advantages to defenders.
The UK’s cyber landscape is entering a more volatile and adversarial phase. For brokers, the task ahead lies in helping clients navigate an environment in which threats are accelerating, legislation is tightening and insurers are recalibrating their models. Those able to combine technical insight with strategic guidance will be best placed to support businesses confronting the next wave of AI-driven attacks.
