How to Navigate the EMEA Cyber Risk Insurance Market

How to Navigate the EMEA Cyber Risk Insurance Market
May 21, 2024 16 mins

How to Navigate the EMEA Cyber Risk Insurance Market

How to Navigate the EMEA Cyber Risk Insurance Market Banner

As the cyber insurance landscape continues to evolve in EMEA, companies need actionable insights and solutions to strengthen their cyber risk strategies.

Key Takeaways
  1. Despite heightened cyber security regulations and a notable surge in cyber and privacy incidents, cyber insurance pricing is expected to remain stable through 2024.
  2. Proactively engaging with knowledgeable insurers will help companies protect against emerging cyber threats.
  3. Risk managers can adopt four ways to make better cyber security policy decisions.

The dynamic cyber landscape is shaped by several factors — from heightened privacy and cyber security regulations and evolving privacy litigation culture to increasing ransomware events, the emergence of artificial intelligence (AI) and machine learning-driven cyberattacks. This reflects the growing complexity and severity of cyber risks.

Key trends shaping the EMEA cyber insurance market include:

  • 1. Surging ransomware attacks
    • Ransomware attacks spiked drastically in the first half of 2023 and continued to escalate into Q4 2023. This not only disrupted businesses across business professional services, real estate/construction, and manufacturing, but also increased insurer losses.
    • Ransomware activities will maintain their upward trajectory, posing persistent threats to organizations worldwide. The intersection of these cyber threats with new regulations makes way for agile responses from insurers and brokers alike.
    Cyber Incident Rates Chart
  • 2. Increasing Adoption of Artificial Intelligence
    • The adoption of AI and machine learning also introduces novel risks and challenges, underscoring innovation and adaptation within the cyber insurance ecosystem.
    • Several insureds view AI as not only a potential cyber security threat to be leveraged by bad actors, but also a tool to improve their own cyber security posture.

Against this backdrop, the regulatory landscape is faced with further evolution. Data privacy regulations are expected to come into effect globally, with the U.S. leading the charge. Additionally, with the European Union’s (EU) landmark AI Actand the EU NIS2 Directive on the horizon, cyber security in 2024 promises to be both exhilarating and demanding as it navigates uncharted terrain.

Quote icon

To adequately handle future uncertainty, you need to partner with a long-term insurer who knows your risk, pays claims reliably, and can tailor policy wording to suit your exposures and incident response plans.

Pablo Constenla
Head of Cyber Coverage & Claims, Cyber Solutions, EMEA

Systemic Risk is a Top Concern for Insurers

Systemic risk continues to play an important role in the evaluation, scrutiny and, in some instances, restricted coverage offered for critical infrastructure, correlated events and war. Certain insurers restrict coverage on either a generalized or event-specific basis.

Since passing the first anniversary of Lloyd’s cyber war exclusion market bulletin,domestic insurers are starting to implement similar wording concepts (e.g., a compliant war and cyber operations exclusion must now be included in policies purchased through Lloyd’s). This has led to some confusion and market income loss.

“After years of discussion and negotiation, it seems the market has finally come to a landing with respect to the scope and wording of war and cyber operations exclusions, which is evident in the January 1st renewals,” says Pablo Constenla, Aon’s Head of Cyber Coverage and Claims for EMEA. “This highlights the importance of organizations partnering with insurers to review and secure the right limit and coverage.”


Increase in ransomware activity in Q4 2023

Source: Aon Cyber Solutions

Buyer-Friendly Cyber Market Conditions Prevail

Despite a growing number of cyber incidents, heighted privacy regulation, as well as the increase in class actions (and the implementation of the European Representative Actions Directive), the EMEA’s buyer-friendly cyber market expanded due to new and returning insurers bringing in fresh capital and intensifying competition and businesses— ultimately strengthening cyber security.


Decline in cyber premium rates in Q1 2024

Source: Aon Cyber Solutions internal benchmarking data

In 2023 and early 2024, organizations might have had more options for coverage if they could demonstrate a high-quality risk such as one that is:

  • well-articulated around their cyber security resilience journey
  • well-prepared with good risk information, no claims history, etc...
  • well-protected around key security controls

This appears to have led to better business interruption coverage, more precise language based on claims experience and readiness from insurers to cooperate with organizations and more closely customize insurance programs according to specific needs.

Economic fluctuations, coupled with a shift in the geopolitical environment and widespread systemic cyber events, further shape the buyer-friendly cyber market.

“Organizations should make the most of the current favorable market conditions by carefully considering their cyber insurance buying strategy,” says Søren Stryger, Chief Broking Officer, Cyber Solutions, EMEA . “Doing so will not only optimize terms and conditions, but also build resilience for future market movements.”

Areas to watch carefully include supply chain attacks, silent attacks, more sophisticated regulatory fines, and penalties and changes in data protection litigation culture.

Even though cyber incidents are increasing, most cyber claims are resolved based on experience. “Insurers understand the complexity and uniqueness of each cyber claim,” Constenla explains. “Having an open mindset is crucial for the successful outcome.”

Quote icon

To avoid financial and reputational damage from cyber and privacy incidents, companies must adopt proactive cyber risk management practices and customized cyber insurance aligned with their cyber security strategy.

Søren Stryger
Chief Broking Officer, Cyber Solutions, EMEA

Navigate the Future Cyber Space with Confidence

Here are four ways to make better cyber policy decisions:

  • 1. Build stability and bespoke solutions.

    Now is the right time to review your policy, including new risks such as increased legalization. Understand changes and how different insurance policies work together to create stabilization and ensure coverage remains relevant.

  • 2. Quantify your cyber risk.

    With the evolution of AI technologies potentially being used for or against a business, it is important to understand existing risks and work toward insuring them appropriately. While the focus in previous years was on coverage, organizations can partner with insurers to drive conversations around:

    • Wording
    • Relevance
    • 360 days consideration to salvage policy
  • 3. Partner with the whole organization.

    Cyber and privacy risk is a company risk. Work together with the entire business to effectively showcase controls — from the chief information security officer and privacy counsel to different teams across the organization.

  • 4. Maintain the confidential nature of insurance policies.

    Keep threat actors from knowing coverage information that can be used against the organization. Bad actors continue to threaten victims and demand ransom payments that are based on the client’s insurance coverage limits.

It is essential for risk managers to review the tools, technologies and procedures necessary to help combat cyber threats.

“Proactively engage with knowledgeable insurers and stay ahead of emerging threats,” advises Stryger. “This will allow risk managers to better protect their organization’s resilience against cyber risks.”

Aon’s Thought Leaders
  • Pablo Constenla
    Head of Cyber Coverage & Claims, Cyber Solutions, EMEA
  • Søren Stryger
    Chief Broking Officer, Cyber Solutions, EMEA

General Disclaimer

This material has been prepared for informational purposes only and should not be relied on for any other purpose. You should consult with your own professional advisors before implementing any recommendation or following the guidance provided herein. Further, the information provided, and the statements expressed are not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information and use sources that we consider reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future.

All descriptions, summaries or highlights of coverage are for general informational purposes only and do not amend, alter or modify the actual terms or conditions of any insurance policy. Coverage is governed only by the terms and conditions of the relevant policy.

Terms of Use

The contents herein may not be reproduced, reused, reprinted or redistributed without the expressed written consent of Aon, unless otherwise authorized by Aon. To use information contained herein, please write to our team.

More Like This

View All
Subscribe CTA Banner