United Kingdom

Why the take-up of cyber insurance is on the rise

October 2019


Across Europe, the cyber insurance market is still in its infancy compared to the more developed market in the US. But that’s beginning to change as businesses realise what role cyber insurance can play in their overall risk management strategy and, as Aon’s latest C-Suite Series report – Prepare for the expected: Safeguarding value in the era of cyber risk – finds, there is around $1 billion in capacity available, making the purchase of standalone cyber cover more relevant now than ever before.

Increasing cyber awareness

Today, cyber insurance market penetration in EMEA is relatively low with only around 30% of companies currently buying standalone cover. That’s up though in recent years and reflects the impact the WannaCry and NotPetya ransomware attacks of 2017 have had in terms of raising awareness of the risk of cyber-attack and how it can paralyse businesses.

We shouldn’t overlook the role that GDPR is playing either in changing attitudes towards cyber insurance. One reason that the US cyber market is so much more developed, is due to the existence of data privacy legislation since the early 2000s and the need for organisations to meet their third-party liability exposures. It’s evident that GDPR is having a similar effect across Europe but there is also a notable focus on covering the first-party losses that businesses can suffer from a cyber-attack.

Businesses are however approaching the purchase of cyber insurance in a diligent, cautious way. Most will undertake a lot of preparation before deciding whether to buy in terms of risk identification and quantification. Carrying out a cyber risk scenario analysis for example can be particularly useful in helping companies better understand their exposure. After that process they might decide to strengthen their own internal IT security and incident response preparedness before they consider buying cover. Over the last five years, more internal stakeholders have become involved in helping to recognise cyber risk within a business which has helped to develop better knowledge around cyber threats and, in turn, increased the understanding of the value of cyber insurance.

Cyber insurance is evolving

Given a business can take all the protective measures available to it, there will always be a risk that a cyber-attack will succeed which inevitably means that businesses will see cyber insurance as a necessity at some point, particularly once all stakeholders are on board with the investment. In response, the cyber insurance market is rapidly evolving to offer better products. The available limits might still lag behind the more traditional markets like property but that’s changing and we expect the market to continue to offer more capacity.

Underwriters and brokers alike have increased their expertise in cyber and, as a broker we will continue to push the market to offer more in areas like non-damage business interruption as well as more help built into policies for both pre- and post-loss where organisations need specialist help in expertise like IT forensics, legal and reputation management.

Evolution never stops

The evolution of digitalisation means the risks from cyber are only going to increase as hackers find new ways to exploit system vulnerabilities and disrupt organisations. Consequently, cyber insurance has a central role to play in how a business manages and mitigates the risk. Cyber insurance may protect an organisation’s balance sheet by providing a financial pay-out after things have gone wrong, but also offering expert consultancy to improve security and on-the-ground incident response support during the period of crisis. Most importantly, one of the key benefits of cyber insurance is pre-loss prevention and post-loss services, helping organisations to recover more quickly.

To find out more about how to protect your business from the cyber risk, read the full Aon report:Prepare for the expected: Safeguarding value in the era of cyber risk

Aon UK Limited is authorised and regulated by the Financial Conduct Authority. FPNAT.482