European cyber market growing rapidly: EIOPA


The European cyber insurance industry is growing rapidly, according to a report by the European Insurance and Occupational Pensions Authority (EIOPA).

The report, Cyber Risk for Insurers – Challenges and Opportunities, said European cyber coverage increased by 72 percent in 2018 in terms of gross written premium, based on the insurers it surveyed. 

That amounts to €295 million in 2018, compared with €172 million in 2017. 

The EIOPA report, which analysed cyber risk both as it is experienced by insurers, and in terms of how insurers can mitigate risk across the economy, acknowledged the role cyber insurance can play in facilitating the digital revolution. The growth of the digital economy, and the advance of technology, offer considerable opportunities to cyber underwriters, it added. 

However, EIOPA warned that insurers themselves are also at risk, given the increasing frequency and sophistication of cyber attacks, the fast digital transformation and the increased use of big data and cloud computing. 

The industry was particularly challenged by the amount of confidential policyholder information insurers possess, it said. 

Cyber underwriters are calling for clear, comprehensive and common requirements on the governance of cybersecurity, which they argue will help ensure the safe provision of insurance services, the report found.

Specifically, underwriters want a consistent set of definitions and terminology on cyber risks to be developed. This would enable a more structured and focused dialogue between the industry, supervisors and policymakers, underwriters told EIOPA, enhancing the cyber resilience of the insurance sector.

However, non-affirmative cyber exposures, or silent cyber, remains a concern. “While common efforts to assess and address non-affirmative cyber risks are under way, some insurers have adopted a 'wait-and-see' approach to address non-affirmative cyber risk,” the report said. 

The report said that enhanced data collection on cyber incidents and losses, based on common standards, should allow insurers to manage and price their affirmative cyber risk exposures more effectively. 

EIOPA questioned 41 large re/insurance groups across 12 European countries: Austria, Belgium, Denmark, Finland, France, Germany, Italy, Netherlands, Norway, Spain, Sweden and the United Kingdom.


Cyber, European Insurance and Occupational Pensions Authority, EIOPA,

Captive International