Cyber market showing signs of maturity

Cyber was one of the most difficult areas for risk and insurance managers in the Netherlands and across Europe during the height of the recent hard market, as capacity dried up and prices spiralled along with D&O.

For many it seemed as though the insurance market was in terminal retreat in the face of ever-rising losses and fears over systemic risk.

A group of leading European firms responded to the capacity crunch by forming Belgium-based capitalised mutual MIRIS, which commenced underwriting in January of this year.

But the insurance market now appears to be reaching a more rational equilibrium from a capacity and pricing perspective.

Capacity and limits may remain tight but evidence from the Dutch leg of our Risk Frontiers Europe survey suggests that the focus has positively shifted to cyber risk mitigation and management, which perhaps shows signs of a maturing market.

Jeroen Gruter, corporate insurance manager at TBI Holdings, pointed to new EU guidelines on cyber such as NIS2. It imposes new cybersecurity obligations on a wider range of “essential” and “important” entities when it comes to risk management, reporting cyber incidents and information sharing.

Under these rules, critical entities will need to implement new processes and policies to comply with the new obligations. This will help focus the mind on cyber security at the highest level, said Gruter.

“The EU guidelines will raise awareness among company board members and ensure they know they have to do something and help give impetus in this critical area,” he said.

Bonny Lepidis, insurance manager at housing association Havensteder & Trivire, pointed out that a big challenge with cyber is that the risk constantly evolves.

But, as Narim colleagues pointed out, the key issue is being aware of the potential scale and scope of the risk, and need for action. “It is really about awareness, that is the key,” said Gruter.

Cyber risk and insurance has evolved remarkably quickly over the last two decades or so, not surprisingly given the speed of the digital transformation.

Any risk manager would have to honestly admit that their corporations have adapted and embraced new technologies that offer potentially huge efficiency, customer experience and cost benefits without really taking the risks into account.

The insurance market also embraced this new line of business as a potential windfall without really considering the real underlying exposure and potential systemic risk.

The eventual, but inevitable, arrival of the hard market, continued rise in day-to-day cyber losses and realisation of the potential scale of systemic losses, not to mention the impact of the war in Ukraine and related cyber threat, has really focused the minds of risk managers and the insurance market.

The Narim members who took part in this roundtable clearly think it will be interesting to see what happens from here.

As one Dutch risk and insurance manager who works for a Swiss-based international real estate group recently pointed out: The only way to approach cyber risk is really to assume that you have no cover and take it from there.