Vanbreda Cyber Security Study: 21% of all cyber security incidents in 2022 resulted in damage in excess of 100,000 euro
Now, more than ever Belgian companies are aware of potential digital risks and recognise the need to protect themselves via cyber security insurance. Damage statistics in our cyber portfolio also show that cyber security incidents are becoming more and more costly for Belgian companies. In 2022 the total cost of 1 in 5 incidents exceeded 100,000 euro. Regular security updates, employee training and choosing the right IT partner should all be part of an effective prevention strategy. They are also important criteria when it comes to arranging cyber security insurance in the Belgian market today.
Main key statistics relating to cyber security insurance at Vanbreda Risk & Benefits:
- The premium volume of cyber security policies increased by 30% in 2022.
- More than 100 companies took out cyber security insurance for the first time last year.
- 1 in 3 insured companies were already affected by a damage claim.
- In 27% of cases a cyber security incident resulted in business downtime.
- In 21% of cases the damage exceeded 100,000 euro.
- 12% of cyber security incidents were associated with a data breach.
Insurance premium peaks
The cyber security insurance market experienced even greater pressure in 2022, and Vanbreda Risk & Benefits does not expect to see any change any time soon in 2023. Cyber security expert Tom Van Britsom: “The downward pressure on all types of insurance premiums over the past decade combined with cyber security incidents over the past few years have made the situation for cyber security insurers untenable. Premiums took off again in 2022: we recorded increases of up to 300%.”
Incidents are having an adverse effect on insurance capacity
The impact of cyber security incidents is significant, particularly as a result of the many data breaches involving sensitive personal data and ransomware attacks resulting in ransom demands and business interruption. Cyber security expert Christophe Liekens: “This led to some insurers no longer being keen on covering cyber security risks in 2022 and insurers had to collaborate more frequently in order to continue to provide companies with the same level of cover.”
To maintain a healthy cyber security insurance market going forward, the underwriting criteria for companies were tightened last year, which made it more difficult to arrange new cyber security insurance. Christophe Liekens: “Many companies also faced issues such as higher premiums, higher excess amounts, fewer guarantees and lower insured capitals last year. Some companies even had to be willing to pay for a specific share of the damage themselves, on top of the excess, in the event of a ransomware attack.”
Companies in charge of affordable cyber security policies
Cyber security insurers also expected companies to make greater efforts in terms of prevention, including the tightening of internal procedures, regular updates and better security for IT systems, as well as providing training for employees. Similar to last year, our study shows that human intervention was at the root of most cyber security incidents.
Tom Van Britsom: “We have noticed that errors are still common at all levels within a company, e.g. someone clicking on a rogue link in an e-mail. Or worse: sometimes a personal login will be used to provide direct access to the company’s systems. Even one such individual action can lead to an interruption in business activities resulting in rapidly rising costs. Fortunately, we are also seeing positive results among companies that train employees on how to recognize phishing e-mails.”
Transparent service provision via external partners
In addition to a strong focus on in-house processes, quality partnerships with external service providers are also important. Christophe Liekens: “Many companies currently focus on their own cyber security, incidentally a requirement of all cyber security insurers, but insurers are also increasingly scrutinising, for example, the IT partners a company is collaborating with. Thoroughly screening a partner beforehand is paramount. Your own security may be top-notch, but it is put at risk if your data manager’s is not.”
Financial protection and sound guidance via cyber security insurance
The proportion of companies with cyber security insurance in Vanbreda Risk & Benefits’ portfolio has been on the rise for several years. The total premium volume in cyber security insurance increased to 13.2 million euro in 2022, up 30% from 2021. The insurance covers reimbursement of damages incurred, and provides access to a network of professionals who will help the company mitigate damages and become fully operational again soon after an incident. A professional IT provider’s responsibilities include detecting and resolving the IT incident. Legal assistance is also included, as is support from a PR agency in terms of (crisis) press communications.
Tom Van Britsom: “This total package of services provided by experienced experts offers tremendous and tangible added value to a company facing a cyber security incident, which explains the rising interest in cyber security insurance. We also noted in 2022 that with many organizations this insurance is now part of their standard insurance package.”
Download our infographic with the 2022 figures here.
Want to know more?
Would you like more information or do you require advice tailored to your company? Feel free to contact our experts.