de en
Back to the overview page
08/05/2024
Key Topics Cyber ecsolutions Cyber Insurance Policies Digital Security and Technology Cyber Insurance

Cyber insurance

Stability and capacity in the cyber insurance market.

Market situation and review

Demand for cyber insurance remains high. Sufficient capacity is now available. Although a large risk carrier has withdrawn from the market, more and more providers of cyber insurance are constantly entering the market to capture a share of it. The level of premiums has stabilized due to the increasing competition and savings can be realized in individual cases. Moreover, the scope of the risk assessment for small and medium-sized companies is reduced, enabling them to obtain insurance coverage.

The situation is different for larger companies. Underwriters demand a high level of cyber hygiene and a sophisticated minimum standard of information security for cyber risks to be insurable. Examples include multifactor authentication, EDR, privileged access management (PAM), employee training and contingency plans. Risk carriers are beginning to conduct ongoing vulnerability scans during the year and offer awareness training for employees in companies in order to continuously reduce their customers' cyber risk.
 

Another topic is the EU NIS-2 Directive (short for: Network and Information Systems Directive 2), which is to be transposed into German law by October 2024 at the latest (realistically by early 2025). In the future, significantly more companies will be covered by the directive than before: organizations with at least 50 employees or an annual turnover of more than ten million euros will be directly affected and will have to meet extensive IT security requirements in the future. In addition, larger security incidents must be reported to the relevant authority within 24 hours. Furthermore, companies that operate critical systems will in future be obliged to prove to the Federal Office for Information Security (BSI) that they meet the legal requirements. Non-compliance can result in substantial fines.
 

Furthermore, insurers and reinsurers have established changes to their terms and conditions in order to exclude systemic and geopolitical risks (e.g. war situations) from their payment obligations. Other exclusions, such as extended infrastructure failures, are intended to make the cyber insurance market more crisis-resistant and fit for the future.
 

The first two court rulings on cyber claims have already been made, but have not provided any clear guidance, as both cases were based on a lack of transparency in risk assessment. The outcome of the proceedings is still open, as both are going to the next instance. The final result is likely to have a significant influence on the behavior of risk carriers with regard to underwriting.

 

Market developments 2024/2025

For the third year in a row, cyber incidents are ranked as the number one most significant business risk worldwide in the Allianz Risk Barometer.

The cyber insurance market will continue to grow strongly in the coming years, not least due to increased manager liability and stricter regulations (e.g. NIS-2) and the associated higher need for companies to be covered. The increasing digitalization of the economy and the growing threat of cyber attacks are further growth drivers.

Reinsurers continue to exert a strong influence on the primary insurance market. In an attempt to minimize systemic cyber risks for the insurance market, the reinsurance market will continue to impose isolated changes to conditions, such as exclusions or sublimits, on primary insurers, particularly in the case of major risks. The aim is to minimize potential default risks for the entire insurance industry.

The cyber risk landscape continues to be dominated by ransomware and attacks on supply chains. Technological progress and the associated misuse of new technologies such as artificial intelligence, blockchain and cloud computing are opening up new possibilities for cyber attacks, but also for defense.

 

Conclusion

The relevance and necessity of covering cyber risks is not only still given, but is continuously increasing. The large number of products and services available on the market creates a certain lack of transparency. At the same time, however, this also offers companies great opportunities – provided they have a partner at their side who can shed light on the situation, who is familiar with the possibilities of the market and can thus provide a stable basis for cyber security.

 

Your deas solution

The Ecclesia Cyber special unit brings together technical experts from the deas and Ecclesia Group and is at the forefront of innovative and flexible cyber insurance solutions. With comprehensive know-how in the IT sector, we design holistic and customized products for your cyber security and offer you advice tailored to your individual risk situation, as well as a strong, insurance-independent partner network. We are at your side as a reliable partner in the event of damage or suspicion.
 

Robert Drexler