Emerging cyber threats and organisational risk management: governance implications around adequate cyber insurance

Sam Jobling, 25 March 2026

The evolving cyber threat landscape

In recent years, cyber threats have grown both in frequency and sophistication, placing unprecedented pressure on organisations’ risk frameworks. Ransomware, data breaches and supply-chain compromises now dominate the risk landscape, often disrupting critical operations and exposing organisations to material financial losses, regulatory fines, and reputational harm. Recent high-profile breaches, such as those that caused lengthy manufacturing shutdowns and substantial revenue losses for major UK corporations, illustrate the scale and business impact organisations now face.

The consequences of these attacks demonstrate that cyber risk is no longer a siloed IT issue but a business and governance risk. This shift has significant implications for how risk management frameworks must evolve to address cyber as a core risk category within enterprise risk management.

Regulatory expectations and the cyber governance code of practice

To address these challenges, the UK Government published the Cyber Governance Code of Practice, co-designed with the National Cyber Security Centre (NCSC), which sets out expectations for boards and directors to embed cyber risk within strategic oversight and enterprise risk governance. The Code emphasises that directors should take ownership of cyber risk, integrate it with wider risk management, set risk appetite, and ensure regular assurance and reporting at board level. Boards are expected to engage directly with cyber strategy, risk assessments, and cross-organisational accountability rather than leaving these duties solely to technical teams.

Although currently voluntary, the Code effectively translates directors’ existing legal duties, such as the duty to exercise reasonable care, skill, and diligence under UK company law, into actionable governance expectations for cyber oversight. It signals that cyber-risk governance is now a core board responsibility.

The critical role of cyber insurance

Cyber insurance is a critical component of a robust risk management strategy. It provides not only financial protection, but also delivers access to specialised incident response resources and expertise. Effective cyber insurance can reduce the net volatility of losses from cyber events and support organisational resilience.

Senior leaders who choose not to obtain adequate cyber insurance, or who under-insure relative to the organisation’s risk profile, risk creating a material exposure. Without sufficient transfer of risk, organisations may find themselves bearing the full financial and operational costs of an incident, which can exceed internal resources and threaten solvency.

Heightened oversight and regulatory scrutiny

Board members and senior executives now face heightened expectations for oversight of cyber risk. Regulatory initiatives, such as mandatory breach disclosures and governance codes emphasising cybersecurity accountability, have expanded directors’ duties. Failure to establish robust risk governance, especially in risk transfer mechanisms like cyber insurance, can be interpreted as poor stewardship of stakeholder interests.

Integrating cyber insurance into enterprise risk management

Emerging cyber threats demand that organisations adopt holistic risk management frameworks that integrate technical defences, strategic oversight, and financial risk transfer such as cyber insurance. The UK Government’s Cyber Governance Code of Practice has raised the bar for organisational governance by embedding cyber risk awareness and accountability at board level. In this context, a senior management decision to forgo adequate cyber insurance can increasingly be interpreted as a governance failure, elevating directors’ personal liability exposure. Where cyber risk is integral to business continuity, sound governance requires that cyber insurance be treated as an essential component of enterprise risk management, not an optional add-on.

Miller’s Cyber team

Miller’s Cyber team has been in the cyber insurance space for as long as cyber threats have existed.

We’ve been at the forefront of the industry – working with insurers to shape cyber security insurance into what it is today.

For more information about emerging cyber threats and organisational risk management, please get in touch.

Sam Jobling, Associate Director - Professional and Financial Risks, +44 (0) 20 7031 2499