ENISA: Cyber Insurance: Recent Advances, Good Practices and Challenges

07/11/2016 13:37

The aim of the report is to raise awareness for the most impactful market advances, by shortly identifying the most significant cyber insurance developments for the past four years – during 2012 to 2016 – and to capture the good practices and challenges during the early stages of the cyber insurance lifecycle, i.e. before an actual policy is signed, laying the ground for future work in the area.

Member States understanding the importance of addressing cyber-risk, have taken relevant action by publishing guides of good cyber-hygiene[1] [2]. Insurance federations have also shown a great interest in cyber-insurance, with actions taking place both at the European and national level.

A rising concern among a number of insurers is found to be the uncertainty around accumulating risk[3]. A subset of key recommendations, for the betterment of the cyber insurance constituency, to policy makers, insurance companies, and future customers include:

  • To policy makers: avoid the introduction of mandatory requirements that might undermine the cyber-insurance market adoption rate
  • To insurance companies: a) consider adopting common standards and methodologies, b) introduce explanatory sessions, and provide customer scenarios and generic examples of policy coverage and c) clarify the policy language and offer a transparent underwriting process
  • To cyber insurance customers: get informed, prepare and document the environment before requesting a cyber-insurance policy.

The report is targeted primarily at insurance companies, to either benchmark themselves against the market trends, or evaluate good practices before entering the market. Additional beneficiaries are customers interested to adopt a cyber insurance policy. Founded to address residual risk, the cyber insurance market is anticipating a growth in both technological and sales volume terms; a growth that is expected to be further accelerated by the legislative additions of the GDPR and NIS Directive.


Full report is available here

Download the Report.
Read more: