AXA XL has entered into a strategic partnership with Deloitte to provide cybersecurity and operational technology services to businesses worldwide, a development that could have notable implications for the UK cyber insurance sector as it faces increasing scrutiny.
Available through the AXA Digital Commercial Platform, the collaboration builds on AXA XL’s existing cyber insurance and risk consulting capabilities. Through the agreement, clients will gain access to a broad range of Deloitte-led services covering prevention, detection, and resilience. These services include critical asset identification, vulnerability assessments, cyber crisis simulations, and ongoing threat monitoring.
Cyber Market Reaches a Critical Juncture
The partnership comes at a pivotal time for the cyber insurance industry.
In April 2025, major UK retailers Marks & Spencer, Co-op, and Harrods were hit by significant cyberattacks. Co-op estimated that the incident resulted in £206 million in lost revenue and reduced operating profits by £80 million during the first half of the year. Meanwhile, Marks & Spencer warned that the attack could lower its annual operating profit by around £300 million.
The Cyber Monitoring Centre, an independent UK organisation established by the insurance industry, categorised the incidents affecting M&S and Co-op as a combined “Category 2 systemic event.” The organisation estimated the total financial impact of the attacks at between £270 million and £440 million.
The events also highlighted a substantial protection gap in the market. Reports suggested that neither retailer carried full insurance protection against catastrophic cyber losses, while Co-op’s insurer covered only a portion of the damages incurred.
Rising Threats Amid Falling Premiums
Cyberattacks reached record levels during 2025, yet insurance premiums declined by an average of 11% while coverage expanded. This unusual disconnect between increasing risk and falling pricing has been attributed to intense competition, ambitious growth targets, the arrival of new managing general agents, a new syndicate, and insurers committing additional underwriting capacity.
Against this backdrop, prevention-focused insurance offerings are becoming increasingly attractive. Eddie Lamb, global head of cyber at Hiscox, has previously argued that enhanced service propositions should drive growth through increased demand rather than pricing alone.
According to Lamb, as insurers strengthen their overall offering, cyber insurance becomes a more appealing purchase for customers, helping insurers generate higher sales volumes while supporting sustainable management of cyber-related costs.
Regulatory Momentum Supports Cyber Resilience
The timing of the partnership also aligns with evolving regulatory developments in the UK.
The Cyber Security and Resilience Bill was introduced to Parliament in November 2025 with the objective of modernising the country’s cyber regulatory framework. The proposed legislation seeks to broaden the scope of regulated organisations and improve resilience across critical sectors.
The Association of British Insurers welcomed the bill, noting that nearly £200 million was paid in cyber insurance claims during the previous year. The organisation emphasised that cyber insurance serves not only as financial protection but also as a means of improving security practices, providing specialist guidance, and supporting incident response planning.
Despite heightened cyber threats and growing regulatory expectations, market penetration remains relatively low. Findings from the 2025 UK Cyber Security Breaches Survey showed that only 7% of UK businesses held standalone cyber insurance policies. Among small businesses, the figure stood at 17%, despite more than 43% reporting cyberattacks each year.
AXA XL Accelerates Prevention Strategy
The Deloitte agreement follows AXA XL’s recent launch of a dedicated prevention business unit led by global chief underwriting officer Libby Benet. The unit was established to accelerate the development and expansion of the insurer’s risk consulting capabilities.
As AXA XL’s fifth business division, the new unit sits alongside Americas, APAC & Europe, UK & Lloyd’s, and Reinsurance operations. The Deloitte partnership represents a practical extension of this prevention-focused strategy, providing clients with direct access to specialised cybersecurity expertise through their insurance relationship.
