In 2025, Vanbreda Risk & Benefits mainly saw an increase in the number of small claims, with fewer major outliers. 81% of all incidents cost less than 20,000 euros (see graph)
The average cost per incident also fell. There are two reasons for this: improved cyber security and the professional helpline included in cyber insurance meant that companies took action more quickly in the event of an incident. As a result, the number of incidents remained stable and the impact – financial and otherwise – was limited.
Major claims (3%) were due to lengthy business downtime and ransomware payouts.
Many Belgian companies focus solely on their own cyber security. However, the cause of cyber damage is increasingly shifting to external parties. By 2025, more companies were affected by an incident arising at a single crucial supplier. This single-supplier risk makes organisations particularly vulnerable. A booking system, a ticketing platform or even a firewall that suddenly fails because a supplier experiences a cyber incident are all examples of this. Businesses are still failing to take this into account properly and often have few if any alternatives.
Despite the global increase in cyber crime, Vanbreda Risk & Benefits saw a fall in cyber insurance premiums in 2025. This is due to two structural developments: the cyber market is maturing and companies are investing more in prevention.
- In 2025, new insurers entered the market with competitive rates. Vanbreda Risk & Benefits is now working with 20 cyber insurers – twice as many as five years ago. This increased competition has put further pressure on premiums. These did not increase last year, and discounts became possible more frequently. As a result, the total premium volume of the cyber portfolio at Vanbreda Risk & Benefits remained stable.
- Thanks to improved prevention, incidents are being dealt with more quickly and effectively, and large claims – often resulting from ransomware or business downtime – are less likely to arise.
Tom Van Britsom, cyber expert at Vanbreda Risk & Benefits
Insurers were even more critical about taking on risks in cyber in 2025. These five cyber security requirements are decisive:
- Mandatory multi-factor authentication
- Stringent backup procedures, including separate, quickly recoverable backups
- Endpoint security for laptops, mobile devices, servers, etc.
- Vulnerability management: password policies, multiple service providers, etc.
- Security awareness and testing:
pentesting (penetration testing), phishing training and online courses
Preventive measures are necessary not just for insurance coverage but to keep premiums under control and comply with NIS2 legislation. This regulation prompted businesses to step up their security with robust measures last year.
Tom Van Britsom, Cyber expert at Vanbreda Risk & Benefits
Vanbreda Risk & Benefits also found that many businesses that took out cyber insurance years ago have failed to adjust their insured amount to reflect their growth or changing risk profile. For example, a food company with a revenue of 100 million euros needed an average of 1 million euros of cover five years ago. Today, 2.5 to 5 million euros is needed for sound risk management.
‘The financial impact of underinsurance is real. A cyber incident encompasses the costs of specialist expertise, but also downtime, reputational damage, potential ransomware, and so on. It’s a chain reaction that quickly increases the total damage. We therefore advise Belgian companies to analyse their cyber risks thoroughly, paying particular attention to single-supplier risk and their insured amount. An ongoing focus on prevention through phishing training, workshops and other IT security measures remains crucial to prevent cyber incidents and limit their impact.’
Tom Van Britsom, Cyber expert at Vanbreda Risk & Benefits
Do you have any questions about this press release, or would you like to receive more information? Contact:
- Isabelle Hoes
- Senior Advisor External Communication at Vanbreda Risk & Benefits
- E-mail: pers@vanbreda.be
