Europe’s buyers underinsure cyber and IP risks: Aon

The likelihood of a loss is higher for intangible assets, and will increase with growth in use of AI, broker warns

Europe’s businesses are too exposed to cyber risks, driven by the rising threat from generative AI over the next two years, according to Aon. The broker warns businesses in Europe, the Middle East and Africa to “reassess” their insurance cover for cyber but also for intellectual property and other intangible assets as it highlights protection gaps for both areas.

Publishing its 2024 Intangible Versus Tangible Risks Comparison Report, Aon says the average probable maximum loss for intangible assets is almost 43% higher than for tangible assets, while the likelihood of a significant cyber event affecting intangible assets is three times greater than for property, plant and equipment.

Based on responses from almost 600 businesses in the EMEA region, Aon says it has uncovered “a key discrepancy in insurance coverage”, with insurance in place to cover only 17% of information assets while businesses insure 60% of property, plant and equipment.

“This gap has remained unchanged over the past two years, despite the increasing value of intangible assets and the growing frequency of substantial cyber breaches,” Aon says.

More than half of businesses in the poll had recorded a material or significantly disruptive security or data breach at least once in the past 24 months, the report says. But only 36% of businesses say their cyber insurance policies cover ransomware attack costs.

Moreover, 69% of businesses use or plan to use AI products and services, although Aon said the number and severity of cyberattacks is expected to rise with the growing use of generative AI.

“Despite these findings, many businesses still lack adequate coverage for trade secret theft and intellectual property liability – potentially exposing them to heightened financial risks,” Aon warns. “Gen AI may enhance the existing tactics, techniques, and procedures of cyber criminals, as well as make it easier for novice cyber criminals to carry out effective attacks, contributing to an increased global ransomware threat.”

It further explains that Europe’s new regulations under the AI Act could “inadvertently prompt more litigation from copyright holders”.

David Molony, head of cyber solutions EMEA at Aon, said cyber insurance has evolved to address key losses from cyber events, including offering more favourable terms and rates for businesses with the strongest cybersecurity protections.

But he added: “The increasing value of intangible assets, alongside the rise of generative AI, represents a paradigm shift in cyber risk, while the EU’s new AI Act is only likely to introduce more regulatory complexity. Businesses must prepare for these evolving risks and potential liabilities.”

He added that the recent CrowdStrike outage was a “powerful reminder” of the dynamic nature of cyber and technology risk, which underlined the importance of business continuity and incident response practices, as well as the need for cyber insurance protection.

“This evolving landscape presents major opportunities for global businesses to rethink their risk strategies, whether through conventional risk transfer mechanisms or by leveraging capabilities in alternative capital arrangements, such as captives and reinsurance markets,” Molony explained.

Back to top button