Cyber insurance, now out of its infancy, has become an essential part of risk management. Stephan Eberlein, cyber expert at GrECo Specialty, reports on how you can get tailored cyber insurance with the best conditions, even in the current market environment.

For years, GrECo has been concerned with communicating to its clients that cyber incidents can be major loss events with serious effects on the company’s success or reputation. Risk transfer via an insurance solution is an important measure for effective cyber risk management.

At the beginning, there was still a lack of risk awareness among domestic company managers, who were “still” convinced of the effectiveness of their firewalls & co. The available cyber insurances were also still in their infancy and their complexity was not easy to understand. However, there was a euphoria in the insurance industry, which provided plenty of capacity at very low premiums to generate market share.

Cyber threats: the No. 1 business risk

Since 2019 at the latest, the world has entered a new cyber era. Although the IT landscape has faced viruses, security breaches and other forms of cyber attacks for years, cyber criminals have become increasingly sophisticated. Meanwhile cyber threats now represent the top business risk (source: Allianz Risk Barometer 2020).

Due to the large number of reports of cyber attacks and their serious financial consequences, many business leaders around the world have taken out cyber insurance at favorable premium costs. In early 2020, Munich Re valued the European cyber insurance market at more than 1 billion USD.

The digitalization accelerated by the Corona crisis not only led to a further sharp increase in cyber insurance policies last year, but also to a rapid increase in claims. Insurers had to deal with ransomware attacks on a large scale. Acting as an accelerant to the negative claims figures are incidents such as SolarWinds, the latest global cyber incident that even compromised government systems. Experts estimate that the insurance industry will have to pay about 90 million USD for this incident.

Cyber insurers are now complaining that claims payments far exceed premiums. Insureds are now feeling the consequences in their policy renewals: capacities are being cut and premiums are being increased, sometimes sharply. In addition, the application process for large companies is becoming more and more burdensome. In other words, market hardening has not stopped at cyber insurance.

Key to best possible conditions

In the current market environment, a “risk-based” approach and transparency are the key to a tailored insurance solution at the best possible conditions, both for contract renewals and new contracts.

However, companies often do not have sufficient answers to questions such as: Which “crown jewels” need to be protected? What is the financial impact of an intervention on these assets? We therefore recommend assessing the cyber risk as part of a loss potential analysis in order to derive the insurance requirements.

Cyber security audits are used to determine the maturity level of IT security, because insurers now consistently demand minimum protection standards. This means that it is worth checking in advance whether the technical and organizational security measures correspond to the state of the art.

Regular awareness trainings for employees and penetration tests also have a very positive effect on risk assessment by the coverage market. On one hand, these measures serve to raise awareness, and on the other hand, they allow companies to test an emergency situation and derive important conclusions for their cyber risk management from the results.

Support in risk and insurance issues

GrECo’s experts accompany you throughout the entire phase of preliminary work up to the completion of the customized solution. They identify potential for improvement in IT security, shed light on the market environment and coverage options. They manage the marketing process, in which detailed questions often have to be answered. We are currently in a seller’s market. This means that the more transparent and better the company’s individual risk situation can be presented, the greater the insurers’ appetite for risk and the more attractive the outcome of the negotiations. So-called “underwriter meetings” also have a positive influence on the results of negotiations. In these meetings, the insurers’ risk engineers have the opportunity to ask detailed questions directly to the company’s managers. This facilitates the application process and promotes trust.

Cyber insurance, the new fire insurance

It is now undisputed that cyber insurance can effectively reduce or compensate for the financial loss in a cyber incident. The current loss events have demonstrated this clearly. Thus, it is more true than ever that cyber insurance should be a standard part of every company’s insurance portfolio. It is now considered the fire insurance of the 21st century.

However, it is important not to see them as a substitute for information security. In addition, companies should be prepared for the fact that insurers subject their risks to an individual review. The better the preparation, the more transparent the risk situation and the more comprehensible the corporate decisions in this area are, the smoother contract renewals and new contracts for cyber insurance will run.

Related Insights

Stephan Eberlein

Group Practice Leader Financial Lines

T +43 664 962 40 60