Insurance Europe has released a publication titled "Insurers’ Role in EU Cyber Resilience" outlining the sector’s position as cyber threats grow in frequency and impact.
The publication points to the rapid growth of the cyber insurance market, largely driven by the increase in cyberattacks. According to Munich Re, the global cyber insurance market expanded from an estimated $5.9 billion in 2019 to $14 billion in 2023.
Despite this growth, a notable gap in cyber protection persists, with underinsurance posing a significant issue for both businesses and individuals. The publication includes case studies from across Europe that highlight efforts aimed at enhancing cyber resilience.
The publication identifies five main challenges that insurers face in quantifying and assessing cyber risks. Challenges include uncertainty around potential future losses, highly correlated risks due to the prevalent use of shared operating systems, and limited data on cyber incidents and their financial impact.
It also notes the increasingly intangible nature of cyber losses and the systemic risks of large-scale cyber events.
The report proposes several policy recommendations aimed at EU policymakers to help the insurance industry bolster cyber resilience across Europe.
Digital technology is a fundamental part of modern economies, providing benefits like innovation, efficiency, and convenience. However, these benefits expose individuals and companies to cyber risks when digital vulnerabilities are exploited.
Cyber risk, meanwhile, is a growing threat for businesses, with cyberspace expanding as services go digital and more actors attempt to exploit it. Between 2022 and 2023, global cyberattacks rose by 38%, with increases seen in ransomware, malware, phishing, wiper ware, and cloud vulnerability exploitation.
Such attacks can lead to serious financial, productivity, and reputational impacts for affected businesses.
Cyberattacks are becoming more sophisticated, partly due to advancements in AI, and have become easier to execute. The World Economic Forum ranked "cyber insecurity" as the fourth most significant global risk over the next two years and within the top 10 global risks over the next decade.
Political factors also influence cyber threats, as seen in the rise of cyberattacks from Russian state-backed actors following the outbreak of the Ukraine conflict in 2022.
The EU has responded with a range of cybersecurity-focused legislation, including NIS2 and DORA, as well as the Cyber Resilience Act and Cyber Solidarity Act. These legislative efforts are aimed at strengthening the EU's cyber resilience, enhancing cybersecurity capabilities, and improving coordination across member states.
Cyber insurance plays a crucial role in mitigating cyber risk, providing companies with a tool to protect their digital assets and data. The European cyber insurance market has been expanding alongside the sector's digitalisation, with insurers and reinsurers increasingly supporting businesses in managing cyber risks.
Given the multifaceted nature of cyber threats, the insurance industry can provide a range of coverage options to address specific risks.
Despite the anticipated growth of the cyber insurance market, a substantial cyber protection gap is expected to persist. This gap, defined as the difference between the total economic exposure from cyberattacks and the amount covered by current insurance policies, is estimated at $0.9 trillion annually.
Underinsurance remains a concern, with CYE reporting an average coverage gap of 350% among companies surveyed in 2024, meaning the costs from a breach are expected to be three times higher than the available insurance coverage.
What are your thoughts on this story? Please feel free to share your comments below.