How to Navigate the EMEA Cyber Risk Insurance Market
As the cyber insurance landscape continues to evolve in EMEA, companies need actionable insights and solutions to strengthen their cyber risk strategies.
Key Takeaways
-
Despite heightened cyber security regulations and a notable surge in cyber and privacy incidents, cyber insurance pricing is expected to remain stable through 2024.
-
Proactively engaging with knowledgeable insurers will help companies protect against emerging cyber threats.
-
Risk managers can adopt four ways to make better cyber security policy decisions.
The dynamic cyber landscape is shaped by several factors — from heightened privacy and cyber security regulations and evolving privacy litigation culture to increasing ransomware events, the emergence of artificial intelligence (AI) and machine learning-driven cyberattacks. This reflects the growing complexity and severity of cyber risks.
Key trends shaping the EMEA cyber insurance market include:
-
1. Surging ransomware attacks
- Ransomware attacks spiked drastically in the first half of 2023 and continued to escalate into Q4 2023. This not only disrupted businesses across business professional services, real estate/construction, and manufacturing, but also increased insurer losses.
- Ransomware activities will maintain their upward trajectory, posing persistent threats to organizations worldwide. The intersection of these cyber threats with new regulations makes way for agile responses from insurers and brokers alike.
-
2. Increasing Adoption of Artificial Intelligence
- The adoption of AI and machine learning also introduces novel risks and challenges, underscoring innovation and adaptation within the cyber insurance ecosystem.
- Several insureds view AI as not only a potential cyber security threat to be leveraged by bad actors, but also a tool to improve their own cyber security posture.
Against this backdrop, the regulatory landscape is faced with further evolution. Data privacy regulations are expected to come into effect globally, with the U.S. leading the charge. Additionally, with the European Union’s (EU) landmark AI Act1 and the EU NIS2 Directive on the horizon, cyber security in 2024 promises to be both exhilarating and demanding as it navigates uncharted terrain.
To adequately handle future uncertainty, you need to partner with a long-term insurer who knows your risk, pays claims reliably, and can tailor policy wording to suit your exposures and incident response plans.
Systemic Risk is a Top Concern for Insurers
Systemic risk continues to play an important role in the evaluation, scrutiny and, in some instances, restricted coverage offered for critical infrastructure, correlated events and war. Certain insurers restrict coverage on either a generalized or event-specific basis.
Since passing the first anniversary of Lloyd’s cyber war exclusion market bulletin,2 domestic insurers are starting to implement similar wording concepts (e.g., a compliant war and cyber operations exclusion must now be included in policies purchased through Lloyd’s). This has led to some confusion and market income loss.
“After years of discussion and negotiation, it seems the market has finally come to a landing with respect to the scope and wording of war and cyber operations exclusions, which is evident in the January 1st renewals,” says Pablo Constenla, Aon’s Head of Cyber Coverage and Claims for EMEA. “This highlights the importance of organizations partnering with insurers to review and secure the right limit and coverage.”
214%
Increase in ransomware activity in Q4 2023
YOY
Source: Aon Cyber Solutions
Buyer-Friendly Cyber Market Conditions Prevail
Despite a growing number of cyber incidents, heighted privacy regulation, as well as the increase in class actions (and the implementation of the European Representative Actions Directive), the EMEA’s buyer-friendly cyber market expanded due to new and returning insurers bringing in fresh capital and intensifying competition and businesses— ultimately strengthening cyber security.
7.3%
Decline in cyber premium rates in Q1 2024
YOY
Source: Aon Cyber Solutions internal benchmarking data
In 2023 and early 2024, organizations might have had more options for coverage if they could demonstrate a high-quality risk such as one that is:
- well-articulated around their cyber security resilience journey
- well-prepared with good risk information, no claims history, etc...
- well-protected around key security controls
This appears to have led to better business interruption coverage, more precise language based on claims experience and readiness from insurers to cooperate with organizations and more closely customize insurance programs according to specific needs.
Economic fluctuations, coupled with a shift in the geopolitical environment and widespread systemic cyber events, further shape the buyer-friendly cyber market.
“Organizations should make the most of the current favorable market conditions by carefully considering their cyber insurance buying strategy,” says Søren Stryger, Chief Broking Officer, Cyber Solutions, EMEA . “Doing so will not only optimize terms and conditions, but also build resilience for future market movements.”
Areas to watch carefully include supply chain attacks, silent attacks, more sophisticated regulatory fines, and penalties and changes in data protection litigation culture.
Even though cyber incidents are increasing, most cyber claims are resolved based on experience. “Insurers understand the complexity and uniqueness of each cyber claim,” Constenla explains. “Having an open mindset is crucial for the successful outcome.”
To avoid financial and reputational damage from cyber and privacy incidents, companies must adopt proactive cyber risk management practices and customized cyber insurance aligned with their cyber security strategy.
Navigate the Future Cyber Space with Confidence
Here are four ways to make better cyber policy decisions:
-
1. Build stability and bespoke solutions.
Now is the right time to review your policy, including new risks such as increased legalization. Understand changes and how different insurance policies work together to create stabilization and ensure coverage remains relevant.
-
2. Quantify your cyber risk.
With the evolution of AI technologies potentially being used for or against a business, it is important to understand existing risks and work toward insuring them appropriately. While the focus in previous years was on coverage, organizations can partner with insurers to drive conversations around:
- Wording
- Relevance
- 360 days consideration to salvage policy
-
3. Partner with the whole organization.
Cyber and privacy risk is a company risk. Work together with the entire business to effectively showcase controls — from the chief information security officer and privacy counsel to different teams across the organization.
-
4. Maintain the confidential nature of insurance policies.
Keep threat actors from knowing coverage information that can be used against the organization. Bad actors continue to threaten victims and demand ransom payments that are based on the client’s insurance coverage limits.
It is essential for risk managers to review the tools, technologies and procedures necessary to help combat cyber threats.
“Proactively engage with knowledgeable insurers and stay ahead of emerging threats,” advises Stryger. “This will allow risk managers to better protect their organization’s resilience against cyber risks.”
General Disclaimer
This material has been prepared for informational purposes only and should not be relied on for any other purpose. You should consult with your own professional advisors before implementing any recommendation or following the guidance provided herein. Further, the information provided, and the statements expressed are not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information and use sources that we consider reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future.
All descriptions, summaries or highlights of coverage are for general informational purposes only and do not amend, alter or modify the actual terms or conditions of any insurance policy. Coverage is governed only by the terms and conditions of the relevant policy.
Terms of Use
The contents herein may not be reproduced, reused, reprinted or redistributed without the expressed written consent of Aon, unless otherwise authorized by Aon. To use information contained herein, please write to our team.
Aon's Better Being Podcast
Our Better Being podcast series, hosted by Aon Chief Wellbeing Officer Rachel Fellowes, explores wellbeing strategies and resilience. This season we cover human sustainability, kindness in the workplace, how to measure wellbeing, managing grief and more.
Aon Insights Series UK
Expert Views on Today's Risk Capital and Human Capital Issues
Construction and Infrastructure
The construction industry is under pressure from interconnected risks and notable macroeconomic developments. Learn how your organization can benefit from construction insurance and risk management.
Cyber Labs
Stay in the loop on today's most pressing cyber security matters.
Cyber Resilience
Our Cyber Resilience collection gives you access to Aon’s latest insights on the evolving landscape of cyber threats and risk mitigation measures. Reach out to our experts to discuss how to make the right decisions to strengthen your organization’s cyber resilience.
Employee Wellbeing
Our Employee Wellbeing collection gives you access to the latest insights from Aon's human capital team. You can also reach out to the team at any time for assistance with your employee wellbeing needs.
Environmental, Social and Governance Insights
Explore Aon's latest environmental social and governance (ESG) insights.
Q4 2023 Global Insurance Market Insights
Our Global Insurance Market Insights highlight insurance market trends across pricing, capacity, underwriting, limits, deductibles and coverages.
Regional Results
How do the top risks on business leaders’ minds differ by region and how can these risks be mitigated? Explore the regional results to learn more.
Human Capital Analytics
Our Human Capital Analytics collection gives you access to the latest insights from Aon's human capital team. Contact us to learn how Aon’s analytics capabilities helps organizations make better workforce decisions.
Insights for HR
Explore our hand-picked insights for human resources professionals.
Workforce
Our Workforce Collection provides access to the latest insights from Aon’s Human Capital team on topics ranging from health and benefits, retirement and talent practices. You can reach out to our team at any time to learn how we can help address emerging workforce challenges.
Mergers and Acquisitions
Our Mergers and Acquisitions (M&A) collection gives you access to the latest insights from Aon's thought leaders to help dealmakers make better decisions. Explore our latest insights and reach out to the team at any time for assistance with transaction challenges and opportunities.
Navigating Volatility
How do businesses navigate their way through new forms of volatility and make decisions that protect and grow their organizations?
Parametric Insurance
Our Parametric Insurance Collection provides ways your organization can benefit from this simple, straightforward and fast-paying risk transfer solution. Reach out to learn how we can help you make better decisions to manage your catastrophe exposures and near-term volatility.
Pay Transparency and Equity
Our Pay Transparency and Equity collection gives you access to the latest insights from Aon's human capital team on topics ranging from pay equity to diversity, equity and inclusion. Contact us to learn how we can help your organization address these issues.
Property Risk Management
Forecasters are predicting an extremely active 2024 Atlantic hurricane season. Take measures to build resilience to mitigate risk for hurricane-prone properties.
Technology
Our Technology Collection provides access to the latest insights from Aon's thought leaders on navigating the evolving risks and opportunities of technology. Reach out to the team to learn how we can help you use technology to make better decisions for the future.
Top 10 Global Risks
Trade, technology, weather and workforce stability are the central forces in today’s risk landscape.
Trade
Our Trade Collection gives you access to the latest insights from Aon's thought leaders on navigating the evolving risks and opportunities for international business. Reach out to our team to understand how to make better decisions around macro trends and why they matter to businesses.
Weather
With a changing climate, organizations in all sectors will need to protect their people and physical assets, reduce their carbon footprint, and invest in new solutions to thrive. Our Weather Collection provides you with critical insights to be prepared.
Workforce Resilience
Our Workforce Resilience collection gives you access to the latest insights from Aon's Human Capital team. You can reach out to the team at any time for questions about how we can assess gaps and help build a more resilience workforce.
More Like This
-
Article 50 mins
8 Focus Areas for the Renewable Energy Sector
As more companies seek to reduce their carbon footprint, the renewable energy sector continues to grow, presenting both opportunities and red flags for organizations with renewable energy growth plans.
-
Article 10 mins
Captive Insurance: Uptick in Use Reflects Market Realities
As more companies become comfortable using captives and understanding the value they add, captives are likely to become further embedded into corporate risk strategies, regardless of market conditions.
-
Article 11 mins
Building Strategies for Sustainable Growth as a Mid-Sized Organization
Helping midsize organizations leverage key partnerships to address challenges around talent, market, regulatory compliance, and leveraging capital.