From the audit firm KPMG, its latest Wealth and Asset Management Risk and ICARA Benchmarking survey shows that most, 92 per cent of respondents ranked cyber among their top five risks, a sharp rise from 52pc last year. Some 41 per cent are identifying it as their single biggest threat. Despite this, financial crime, which is often closely linked to cyber attacks, was cited as a key concern by only 18pc of firms. Operational resilience was ranked second, while failure to evolve business models, AI and the macro-outlook all sit jointly in third place.
Daniel Barry, Partner and Head of Risk and Compliance for Wealth and Asset Management at KPMG UK, said: “This dramatic rise in cyber risk awareness signals a new era for asset managers. In an increasingly digital landscape, resilience against cyber threats and information security breaches is non-negotiable. The stark contrast between concerns about cyber risk and financial crime raises the question of whether asset managers fully recognise how the risks intersect, and whether they are taking an integrated approach to assessing both.”
About the survey
The survey is based on 39 participating firms who manage, advise or administer trillions of assets; surveyed are wealth managers, boutique and global asset managers, and investment platforms.
Comment
Darren Guccione, CEO and Co-Founder of Keeper Security, spoke of a broader reality facing the UK economy: digital resilience is now inseparable from economic resilience, he said. “As financial services, manufacturing and logistics become increasingly reliant on interconnected digital infrastructure, the impact of cyber incidents can quickly extend beyond a single organisation, disrupting supply chains, delaying production and undermining investor confidence.
“A 2025 research report from Keeper Security revealed that while UK organisations are increasingly aware of these risks, many are still struggling to translate that awareness into practical security improvements. Insights gathered from cybersecurity and IT professionals at Infosecurity Europe in London revealed a concerning readiness gap. Only 18 per cent of respondents reported having a fully effective zero-trust security programme in place, while just 12pc said they felt confident in their organisation’s ability to manage AI-generated cyber threats.
“At the same time, UK security leaders identified phishing as the most immediate threat, cited by 50pc of respondents. This is significant because credential theft remains one of the most common entry points for attackers. Artificial intelligence is also beginning to reshape social engineering tactics, with deepfake technologies increasingly used to impersonate executives or trusted partners in attempts to bypass verification processes. Despite this emerging risk, more than half of respondents believed the media exaggerates the severity of AI-driven threats – highlighting a disconnect between perception and preparedness.
“For organisations operating in a highly digital and globally connected economy like the UK, this gap presents a clear challenge. Cyber resilience requires more than awareness; it demands consistent implementation of identity-first security practices. Strengthening access controls, enforcing least-privilege policies and adopting zero-trust principles can significantly reduce the likelihood that compromised credentials or manipulated identities escalate into a wider breach. As the KPMG findings illustrate, protecting digital infrastructure is no longer simply a cybersecurity priority – it is a fundamental requirement for maintaining economic stability and long-term growth.”
