London, 24 November 2025: Cyber security and IT services provider Intersys Ltd. (“Intersys”) has launched a new AI in the Workplace Governance Policy Template to support insurers, MGAs, brokers and market service providers in managing the operational, regulatory and data risks associated with rapid AI adoption.

The free-to-download policy provides a practical framework that insurance organisations can implement immediately to guide employees, strengthen controls, and ensure responsible use of generative AI platforms such as ChatGPT, Claude and Microsoft Copilot.

Since generative AI’s breakthrough moment in 2022, insurers have begun integrating these tools across underwriting, claims, customer engagement and operational workflows. While these technologies promise efficiency gains, faster decision-making and enhanced customer services, they also introduce significant risk if deployed without appropriate governance.

The insurance sector faces particular exposure due to:

• The volume of personal and sensitive policyholder data handled by insurers and brokers
• The obligation to maintain strict GDPR compliance and evidential audit trails
• Increasing regulatory scrutiny from bodies such as the FCA around data, model oversight, fair value and Consumer Duty
• Supply-chain interconnectedness, where one weak point in an insurance ecosystem can expose multiple organisations
• The risk of inadvertently disclosing commercial, actuarial or pricing information into public AI systems.

Matthew Geyman, Managing Director, Intersys, said: “AI is already reshaping underwriting, claims and customer communications, but without strong governance, the risks to insurers are significant: from regulatory breaches and data leakage to operational disruption. The sector urgently needs clear, practical guardrails. Our AI in the Workplace Policy Template sets out the essentials — mandatory staff training, data-redaction controls, bans on using personal AI accounts for company information, and proper oversight of approved tools. This is a core governance and risk management priority for every insurer, MGA and broker, and we’re making this template freely available for the public good to help strengthen operational resilience across the industry.”

Jake Ives, Head of Security, Intersys, added: “AI platforms often store user inputs, meaning policyholder, pricing or claims data could be exposed. Inaccurate or fabricated outputs, including AI hallucinations, can easily lead to flawed decisions or misleading communications. We’re also seeing integrated tools like Microsoft Copilot surface sensitive files simply because access rights haven’t been properly configured. Too many firms are rolling out AI tools without putting the right controls in place.”

For further information about our Free AI Governance Policy template, visit: https://intersys.co.uk/ai-in-the-workplace-responsible-use-for-businesses/

London, 29 September 2025

Insurance, financial and technology leaders have warned that businesses must overhaul crisis management strategies to reflect today’s increasingly complex cyber and operational threats.

The call came during a high-level roundtable in London co-hosted by Intersys and Semperis, which brought together 15 senior executives from across sectors including healthcare, energy, insurance, exposure management, and technology.

Attendees analysed recent global incidents and debated lessons learned, such as how organisations can better prepare for crises ranging from cyber attacks and supply chain disruption to physical damage and deepfake-driven fraud.

Speakers highlighted recurring weaknesses across organisations, including:

• Failing to run realistic simulations, instead rehearsing in “ideal states”
  
• Lack of clarity on roles, responsibilities and decision-making beyond the C‑suite
  
• Inadequate information sharing on supply chains, with some firms reliant on thousands of third parties
  
• Over-reliance on informal or “shadow IT” communications such as WhatsApp
  
• The human factor – from tired crisis teams to “bad leavers” retaining system access

The roundtable — Crisis Management: Adapting to a Changing Threat Landscape — reflected on high profile incidents such as the Iberian energy blackout and ongoing cyber-attacks against major retailers and manufacturers, and their impact on related supply chains.

Attendees included:

• Hannah Brambani, Head of Operational Performance at Pro Global
• Catherine Geyman, Director, Enterprise Risk Management, Intersys
• Simon Hodgkinson, Strategic Advisor to Semperis and ex CISO of BP
• Yunus Jawaheer, Head of Risk and Compliance, Affinia
• Kumu Kumar, Managing Director International, Sigma7 Paragon
• Nhamo Nyakambangwe, Senior Manager, Operational Resilience, Investec
• Guy Williams, Exposure Subject Matter Expert, Ebix Europe

Catherine Geyman, Director, Enterprise Risk Management, Intersys, said: “I’d like to thank all the participants for a very insightful and forward-thinking discussion. The takeaway is clear: resilience isn’t just about technology – it’s about people, processes, and culture. This year the FCA gave organisations, including banks, insurers, and PRA-designated firms, up until 31 March 2025, to implement the new requirements in UK operational resilience. Organisations must move beyond box-ticking, run realistic crisis exercises, and ensure infrastructure and communication systems are given a voice. The next wave of threats – from deepfakes to systemic infrastructure failures – is already here. Preparedness is the only defence.”

Simon Hodgkinson, Strategic Advisor to Semperis and ex CISO of BP, stressed the need to rethink how resilience is framed:  “Too often, incident response playbooks don’t account for communication breakdowns, global cultural differences in risk appetite, or the need for clear escalation and authority outside the C‑suite. Businesses need to know not just what to do, but who can do it when the crisis hits.”

Hannah Brambani, Head of Operational Performance at Pro Global, added: “All companies need to take a hard look at their own operational risk. Too often, resilience is treated as a compliance exercise led by group functions, but real preparedness means stress-testing your own systems, people and processes. For re/insurers in particular, proactively identifying weaknesses, from access management to supplier dependencies, is vital.”

Guy Williams, Exposure SME at Ebix Europe, said:  “For exposure managers, one of the biggest gaps is lack of visibility. Businesses often can’t provide meaningful supply chain data, yet expect cover. That opacity makes exposure management harder for insurers, and crisis response harder for organisations — increasing the risk for everyone involved.”

Intersys-hosted high-level roundtable explored cyber resilience following wave of UK cyber attacks

London, 21 May, 2025:

Experts from the banking, insurance, and law enforcement sectors have called for urgent, organisation-wide cyber security training to bolster resilience across the UK’s financial system. The call follows a wave of recent high-profile cyber attacks — including those affecting major UK retailers which included the theft of customer data — which have once again highlighted the urgency of enhancing cyber defences across all sectors, and breaking down the culture of blaming victims. 

Hosted in person at Intersys’ Leadenhall Market office in the City of London, the exclusive roundtable event — Navigating Cyber Security and Operational Resilience in the Finance and Insurance Sector - welcomed 12 senior representatives from organisations including Metro Bank, Chubb, Aon, and Clear Group, alongside Inspector Charlie Morrison, Head of the Cyber Griffin Programme at the City of London Police. 

According to the UK Government’s Cyber Security Breaches Survey 2025, phishing attacks remain the most prevalent and disruptive form of cyber breach or attack, experienced by 85% of UK businesses and 86% of charities. Despite the scale of the threat, only 30% of UK businesses currently offer cyber security training to staff.

Moreover, among the 3% of businesses that fell victim to cyber-facilitated fraud in the past 12 months, 54% of incidents stemmed from phishing, followed by online bank account hacks (28%) and organisational account takeovers (15%).

Inspector Charlie Morrison, Head of the Cyber Griffin programme at the City of London Police, said:

“Throughout the Square Mile, organisations are often well-prepared to manage the technical impacts of a cyber incident, but less equipped to support the individuals affected. The person who clicks on a malicious link or opens a malicious attachment can often go through a psychological journey similar to a victim of conventional crime, experiencing anxiety, insecurity, and a fear of returning to work. The City of London community has an opportunity here to integrate victim care into our response, and in so doing, limit the significant harm that cyber criminality can have.”

Mark Kirby, Professional Services Director at Intersys, said:

“Demand for this roundtable significantly exceeded capacity, underlining just how concerned and engaged the financial services sector is when it comes to the cyber threat landscape. The latest breaches show that you can have the best technical defences, but one click on a phishing link can still compromise your entire operation. That’s why we need to move beyond just tools and firewalls. User education is the most powerful frontline defence. And at the same time, this isn’t about blaming the victim, it’s about making sure they’re supported and informed. The attacker only has to succeed once, which is why ongoing, organisation-wide cyber training is essential. And we need to go further too — including implementing dark web monitoring and reporting tools, so organisations have a full view of where and how they may be exposed.”

Jake Ives, Head of Security at Intersys, said:

“A major theme from this event was culture; cyber resilience has to become part of a company’s DNA. The key takeaway was clear: organisations must foster environments where people feel confident and supported to report suspicious activity. Too often, fear of blame or embarrassment leads to silence, which gives attackers the advantage. We need to normalise early reporting — to treat clicking a phishing link not as failure, but as an opportunity to respond quickly and learn. Building a security-aware culture also means limiting unnecessary privileges, like removing local admin rights, and adopting technologies like Zero Trust Application Whitelisting. But all of that only works if people are engaged, educated, and empowered to act.”

LONDON, 18 March 2025 – Leading figures from across the insurance and cyber security sector have issued a unified call to action for insurers to strengthen their cyber resilience in response to the rapidly evolving threat landscape. 

Intersys, a leading provider of cyber security and IT solutions for the insurance sector brought together senior cyber security, underwriting, and risk management professionals to address pressing challenges facing the sector. The panel included:

• David Clamp, Founder, The Camelot Network
• Lisa Rowe, Senior Underwriter — Financial Lines, Cyber, Specialty MGA UK
• Aarti Ajay, IT Audit Manager, We Are Just
• Douglas Robare, Venture Partner — Neo Ventures
• Robin Muir, Head of Contingent Risks, Devonshire Underwriting
• Mark Kirby, Professional Services Director, Intersys
• Jake Ives, Head of Security, Intersys
• Tim King, Business Development Lead, Intersys

At a high-level roundtable hosted by cyber security specialists Intersys, industry leaders warned that insurers must move beyond reactive approaches and implement more robust, proactive risk management strategies to counter growing cyber threats:

• Ransomware Attacks – 60% of businesses affected by ransomware shut down within three years.
• Outdated Systems – GCHQ warns that many in the insurance sector still use outdated Windows systems, increasing vulnerability.
• MFA Limitations – Multi-Factor Authentication (MFA) is not foolproof, as cyber criminals are stealing access tokens to bypass it.
• Quishing (QR Code Phishing) – A rapidly growing attack vector, increasing from 0.8% of phishing attempts in 2022 to 12.4% in 2024.
• Evolving Cyber criminal Tactics – Attackers continuously adapt, requiring insurers to stay ahead with proactive measures.
• Lack of Industry Collaboration – A fragmented approach to cyber risk leaves insurers vulnerable, calling for greater cross-sector cooperation.

Urgent need for industry-wide action

Tim King, Business Development Lead, Intersys, said: “Threat actors only need to succeed once, whereas businesses must remain vigilant at all times. The risk-reward balance has shifted, making cyber crime an attractive option for criminals, with the likelihood of getting locked up for armed robbery higher than being arrested for cyber crime. The industry must prioritise proactive security measures to mitigate this risk as rather worryingly, GCHQ says significant numbers in the insurance sector use out-of-date Windows.”

Jake Ives, Head of Security, Intersys, said: “MFA is a strong starting point, but it isn’t foolproof. Cyber criminals are becoming increasingly sophisticated, stealing access tokens and bypassing security protocols. The insurance sector needs to continuously adapt to these threats.”

Douglas Robare, Venture Partner — Neo Ventures, said: “At the event I was introduced to the term Quishing - QR code phishing — which is rapidly rising from 0.8% of phishing attempts in 2022 to 12.4% in 2024. It’s a reminder that while we’re used to spotting phishing emails and texts, fake QR codes are now a real threat. The event was an excellent opportunity to discuss key cyber security challenges, particularly around data management, legacy systems, and the growing risks as AI tools become more prevalent in the insurance industry.”

Aarti Ajay, IT Audit Manager, We Are Just said: “There are so many challenges to overcome, and the discussion nailed some interesting topics and areas of focus for security professionals.”

David Clamp, Founder, The Camelot Network, said: “There were lots of insights on the theory and practical application of how to protect against the evolving cyber threat landscape, right in the heart of the London Market.”

Lisa Rowe, Senior Underwriter — Financial Lines, Cyber, Specialty MGA UK, said: “The Cyber Roundtable hosted by Intersys was a great opportunity to connect and share insights. Intersys’ deep expertise in cyber security made the collaboration enriching, and I truly valued the chance to meet with my fellow professionals.”

Robin Muir, Head of Contingent Risks, Devonshire Underwriting, said: “Cyber security must be embedded in the DNA of every insurance business — from MGAs to insurers and brokers. As the industry becomes increasingly interconnected through data feeds and APIs, the risk landscape is evolving at an unprecedented pace. Proactive, robust cyber measures are critical to protecting sensitive data and maintaining operational resilience. The insurance sector must stay ahead of emerging threats by fostering continuous dialogue and collaboration with cyber security experts, ensuring that best practices evolve alongside the risks we face.”  

Mark Kirby, Professional Services Director, Intersys said: “Our goal is to bring together IT security experts, risk managers, underwriters, and auditors to foster knowledge-sharing and innovative problem-solving in the face of emerging cyber threats.”

London, 8 October, 2024 – Intersys, the leading UK-based provider of cyber risk management solutions, dedicated to helping organisations of all sizes assess, manage, and mitigate cyber risk, today announced its further expansion in the UK insurance market.

Intersys has opened a new cyber security and IT office in Leadenhall Market, the heart of the insurance district. Intersys’ new London office will serve as a hub for delivering cutting-edge cyber managed services tailored to the unique needs of the UK insurance sector. The company’s experienced team of cyber security experts will work closely with clients to develop and implement customised solutions that address the evolving cyber threat landscape.

•  The UK Government’s 2024 Cyber Security Breaches Survey highlights that half of UK businesses experienced a cyber attack or breach in the past year, with phishing being the most common attack type, affecting 84% of businesses.
• In contrast, Intersys clients are ten times less likely to suffer a cyber attack than the national average. This significant advantage highlights the effectiveness of Intersys’ approach in providing marginal gains and substantial protective measures in an increasingly risky digital landscape.

Intersys: Decades of experience in insurance

Intersys boasts nearly three decades of experience in the insurance industry and as a leading London IT company. The company’s leadership team includes experienced insurance and technology experts who work with leading insurance businesses to provide IT infrastructure, security, outsourced solutions and cloud infrastructure design and support for critical firms within the market. This includes support for placing platforms, underwriting, claims management and exposure management systems. They also provide outsourced IT for fintech firms that are critical suppliers to large insurers.

“Insurers understand risk better than most, yet they themselves are prime targets for cyber attacks,” said Matthew Geyman, Managing Director at Intersys. “The alarming statistic that 50% of UK businesses have suffered breaches underscores the urgent need for proactive risk management in the cyber domain. Intersys’ proven track record in significantly reducing cyber breaches for our clients demonstrates the effectiveness of our approach. We’re not just another tech company; we’re a trusted partner with a deep understanding of the insurance industry’s unique challenges.”

“Our understanding of the insurance world, combined with our long-standing ISO 27001 certification and our laser focus on security, positions us uniquely to support insurers,” said Catherine Geyman, Director of Enterprise Risk Management at Intersys. 

“As the industry faces an expanding array of cyber threats, it’s crucial for insurers to adopt a holistic approach to risk management. By integrating cyber risk into broader enterprise risk strategies, we help our clients not only protect their operations but also build the resilience needed to navigate emerging challenges. With technology rapidly transforming the industry, it’s essential to have partners who understand where you’re starting from and where you’re headed. We look forward to expanding our support for the insurance sector with the opening of our new London hub.”