Digital transformation across Europe is changing what is insurable, and technology is now a primary risk driver. In this interview, Paul Johannes Spittau, Head of Group Carrier Relations & Insurance Mediation at GrECo International, speaks with Andrej Krvavica, General Manager at GrECo Croatia, about how governance and digital resilience are reshaping insurance demand in Croatia.
From digital tools to systemic risk
Spittau: Looking towards 2030, what technology trends do you see shaping risk and insurability?
Krvavica: Technology is no longer just a collection of tools. Instead, it has become central to how risks develop and spread throughout the insurance landscape. As AI and cyber threats play an increasingly important role, insurers are confronted with new challenges around accountability and business continuity, as traditional policies may not address these emerging risks. Robust governance and digital resilience are now essential to secure coverage, requiring firms to demonstrate control over their data and systems. Meanwhile, Europe’s emphasis on digital sovereignty is encouraging insurers to offer more customised solutions that respond to evolving risks and regulatory demands, ensuring that coverage keeps pace with the rapid changes brought by digital transformation.
Croatia’s digital risk profile in focus
Spittau: What are the most significant country‑specific digital risk drivers in Croatia?
Krvavica: In Croatia, three structural drivers stand out.
First, digitalisation is outpacing resilience. SMEs adopt digital tools fast, but security governance and incident‑response maturity often lag, raising exposure to cyber events and operational disruption.
Second, cyber risk is becoming systemic. Under frameworks like DORA, regulators treat cyber as a financial‑stability issue, especially in financial services and among critical ICT providers.
Third, digitally connected infrastructure creates cyber‑physical risk. Smart energy, transport and municipal systems boost efficiency, but they also amplify systemic exposure.
Overall, the focus moves away from historical loss experience and towards resilience, governance and prevention.
Where digital investment is reshaping insurance demand
Spittau: Where is digital investment accelerating fastest, and how does this affect insurance demand?
Krvavica: Investment is accelerating wherever resilience and continuity are mission‑critical. That is most visible in financial services—cloud modernisation, automation, data platforms and cyber resilience—and in energy, transport and infrastructure, where technology is now built into operational processes. SMEs are strengthening analytics, but AI and automation remain uneven and are often not anchored in structured risk planning.
For insurance, the focus shifts from pure data breach to shutdowns and regulatory exposure. Cyber cover increasingly targets business interruption and third‑party outages, while technology E&O matters more as liability moves into system design and AI logic.
Market dynamics: limited local capacity, international reality
Spittau: How is the Croatian insurance market responding to these developments?
Krvavica: Local cyber insurance capacity remains extremely limited. Only one domestic insurer offers a standard cyber product, mainly for SMEs, and the scope is restricted.
For mid‑sized and larger organisations, meaningful cyber and technology risks must be placed internationally.
That makes the broker’s role fundamentally advisory: structure the placement, position the risk and translate it for international underwriters.
How GrECo shifts outcomes in digital risk
Spittau: Where does GrECo make a tangible difference for clients?
Krvavica: Cyber insurance in Croatia is not off the shelf, so our role goes far beyond placement.
We prepare risks for underwriting by mapping dependencies, clarifying exposures and testing incident readiness. We also translate regulation into insurable risk by aligning governance and documentation with underwriter expectations.
In addition, we design international and multinational cyber programmes (master policies, FoS placements and FINC structures). And we embed incident response into the insurance strategy so escalation and notification work in practice.
Renewals outlook: a pragmatic playbook for 2026
Spittau: What should companies prioritise ahead of the 2026 renewal season?
Krvavica: Capacity remains available globally, but Croatian risks will still rely on international placements.
Three actions are critical: prepare the risk before you go to market (map dependencies and downtime tolerances), align incident response with policy mechanics, and start early; think in programmes, not policies.
Treat cyber renewal as strategy, not administration—that is what consistently delivers better outcomes.
Paul Johannes Spittau
Head of Group Carrier Relations & Insurance Mediation
T +43 664 537 17 42
Andrej Krvavica
General Manager
GrECo Croatia
