FERMA has today announced the release of its latest cyber report – Demystifying Cyber Insurance: Today’s Trends & Tomorrow’s Challenges – which explores the role of cyber insurance as a key component of a comprehensive resilience strategy.
Targeted at key stakeholders in the cyber insurance market, including (re)insurers, brokers, risk managers, and corporate insurance buyers more broadly, the report provides an overview of the current state of the sector and the factors shaping it. It aims to build a clearer understanding of the types of risks cyber insurance can cover and how. Additionally, it addresses persistent challenges, clarifies common misunderstandings regarding coverage, and offers practical recommendations.
Produced in partnership with Marsh and Howden, the report follows up on FERMA’s 2023 study, Cyber Insurance Dialogue: How Europe Can Lead the Way to Cyber Resilience.
Noting that persistent doubts remain within the risk management community regarding the topic of cyber insurance, the study highlights several long-standing concerns held by European risk managers, including:
Exclusions: Particularly for war and systemic risks, as well as the exclusion of cyber risks from traditional policies (e.g. property and business interruption), amid perceptions that (re)insurers are moving toward broader exclusions.
Coverage gaps: Arising from the interaction between disparate traditional insurance policies and cyber-specific policies.
Claims management: Especially around unclear triggers and frequent disputes over claims payments.
Low penetration rate for certain companies, specifically SMEs
These concerns are echoed in FERMA’s Global Risk Manager Survey Report 2024, which found that 53% of respondents believed some of their critical business activities might become uninsurable. Cyberattacks, digitalisation risks, and technological threats were all cited among the top five areas where coverage is seen as most likely to be withdrawn.
However, the study challenges whether this concern on the part of risk managers is entirely justified. Philippe Cotelle, the chair of FERMA’s Digital Committee, commented: “We believe that these persistent doubts do not fully reflect the current state of the cyber insurance market. Although challenges undeniably remain, a lack of awareness and understanding about cyber insurance products contributes to underestimating the value cyber insurance can bring to organisations, ultimately limiting the level of resilience that European businesses could achieve.”
The report also reinforces the message that cyber insurance should not be seen as a replacement for robust cybersecurity measures, but rather as a complementary tool to help organisations manage and transfer financial risks associated with cyber incidents.
Stressing that cyber insurance does not cover all cyber events, but rather addresses exposures not already included in other policies, the study stresses the importance of risk managers conducting a comprehensive cyber exposure analysis and reviewing the full suite of policies to identify potential gaps or overlaps.
Key actions should include:
Conducting a thorough review of all policies, in collaboration with brokers, to eliminate gaps and overlaps and ensure all critical scenarios identified by internal stakeholders (e.g. CISO, Risk Manager, CFO) are adequately covered.
Better training brokers and other intermediaries through continuous education and capability-building across the industry.
Tacking the widespread confusion between cyber insurance and crime coverage. These risks should be assessed holistically, and in many cases, a blended solution may offer greater clarity and value.
Better tailored cyber insurance products to clients’ specific needs.
Cyber security controls and cyber insurance should not be seen as substitutes for each other but rather as complementary tools.
Commenting on the ambitions of the study, Charlotte Hedemark, President of FERMA, concluded: “Ultimately, achieving a more stable and resilient economy requires a collaborative approach, with insurers, brokers, and clients working together to address cyber risk in a comprehensive and sustainable manner. The solution lies in the insurance industry’s ability to listen more closely to client needs and to challenge itself to evolve, offering more relevant, transparent, and value-driven solutions in a rapidly changing risk landscape.”
She added: “With this report, FERMA, Howden and Marsh reiterate their longstanding commitment to constructive engagement with all stakeholders in building a well-functioning and affordable cyber insurance market that supports the overall resilience of the EU economy.”
