Once a niche insurance product, cyber insurance is growing to become a mainstream component of corporate risk management.
A new report by QBE and insurtech provider Zywave has shown cyber insurance’s increasing value among organisations of any size as they address escalating cyber threats. However, findings also revealed a gap between what these policies offer and how decision-makers use them.
“The value of cyber insurance as a necessary business management tool is gaining traction, with a higher purchasing rate,” said Dominic Keller (pictured), global head of cyber services at QBE.
“However, awareness of cyber risk services is a key area where organisations can increase their return on investment.”
QBE and Zywave surveyed 156 risk professionals and insurance buyers with annual revenues exceeding $1 billion, between June and July 2024, for their 2024 cyber insurance report.
Findings showed more than 80% of organisations carry some form of cyber insurance. A key driver of this growth is the high rate of cyber incidents with more than 60% of respondents experiencing a cyber event.
The report also sheds light on boards’ and executive teams’ engagement in cyber risk management and their understanding of the value of cyber insurance. In the survey, around half of respondents also viewed cyber policies as critical. However, familiarity levels vary substantially—50% of the survey’s respondents recognized the criticality of cyber policies, but only 20% were “extremely familiar” with them. Another 16% had little or no familiarity at all.
Additionally, many businesses still don’t fully grasp the benefits of cyber risk services, missing a critical aspect of their policy that could add significant value. In many cases, the gap can be due to awareness, where companies might not see that risk services provided by insurers can vastly improve their risk profile, making cyber insurance a more effective purchase.
Keller believes this shortfall in communication is crucial. “There’s a huge opportunity here for increased engagement and partnership with brokers and underwriters to meet customer needs as they’re evolving,” he said. “Customers, brokers and carriers must work together to ensure that these services truly add value.”
A deeper problem in the sector is that many customers perceive these additional services as simply a technical support tool, overlooking the strategic governance benefits these services can bring.
Brokers can raise client awareness by positioning underwriters as partners in their risk management strategy, rather than focusing solely on policy terms or financial transfers.
“Brokers are making strides, but engagement needs to go further,” said Keller. “We need risk managers, IT, and leadership all aligned on the broader approach to cyber risk management. These services strengthen the client relationship and, ultimately, benefit everyone.
“By providing clients not only financial coverage but also risk services and rapid incident response, brokers deliver the complete package, communicating its value to leaders, risk managers, and IT alike.”
Keller is quick to acknowledge the role of brokers in educating clients, but he emphasises that the complexity of cyber risk makes this a challenge. Cyber risks, he noted, are constantly evolving and are compounded by technological advances like artificial intelligence (AI).
This ever-changing environment is what sets cyber insurance apart from traditional insurance policies, making it uniquely suited to be part of an organisation’s overall risk management strategy, rather than just a financial backstop.
For the broader cyber insurance market, this dynamic risk landscape also presents an opportunity to expand risk services beyond technical solutions, addressing broader business continuity issues like incident response planning, data classification, and asset management.
“As cyber risk increasingly threatens business operations, these governance solutions are crucial, but awareness remains low in the market,” Keller said.
For cyber brokers, a more engaged approach is needed. Survey data showed that only 27% of companies discuss cyber insurance beyond renewal periods. For Keller, it’s a clear indicator that brokers need to emphasise the ongoing value of cyber insurance services, especially as they provide essential support during a cyber crisis, and to initiate conversations with clients not only at renewal times but throughout the year.
“The goal is for executives to be engaged with how cyber insurance fits into the broader strategy, rather than becoming experts in policy specifics,” he said.
What are your thoughts on QBE and Zywave’s findings on C-suite engagement in cyber insurance and risk management services? Please share your comments below.
