On August 2, 2018, the European Insurance and Occupational Pensions Authority (“EIOPA”) published a report summarizing its findings regarding the limited market for stand-alone cyber insurance coverage in Europe, the factors that have restricted the growth of such coverage, and measures that can be taken to further develop the market.
The EIOPA—an EU regulatory body overseeing the insurance and pension industries—based its report on discussions with 13 insurers and reinsurers located in France, Germany, Italy, Switzerland, and the UK. The report sought to identify the conditions present in the European cyber insurance market that have hindered its development as compared to the U.S. market. The EIOPA estimates that approximately 90 percent of the global cyber insurance market is located in the United States, and only about five to eight percent is in Europe.
Based on its dialogue with the surveyed European insurers and reinsurers, the EIOPA found that an overall lack of historical claims data and underwriting expertise in the cyber insurance field has stalled growth in the European market. The EIOPA found that an “insufficient level of understanding of the risks faced by customers is one of the key challenges for the cyber insurance market” in Europe, despite an increase in demand for products covering cyber-related risks. The surveyed insurers pointed to inadequate claims data to use for risk modeling, a rapidly changing regulatory landscape, and the systemic threat of a catastrophic cyber event impacting many policyholders as reasons why they have remained cautious about expanding cyber insurance lines of coverage.
The EIOPA’s report also notes, however, that some of these concerns should be mitigated as the European cyber insurance market matures. For example, the report found that several insurers have made progress in improving risk models and databases of claims data (in some instances purchased from external providers) to evaluate a policyholder’s cyber risk profile more effectively. Likewise, with demand rising for cyber insurance, the report suggests that insurers will invest in personnel with specialized expertise in the area of cyber risk.
The EIOPA also suggests that moderate regulatory involvement may be welcomed by the industry to aid in expanding the cyber market. The report notes that “[t]he most mentioned potential contribution that regulation could make [i]s to ensure appropriate pricing and monitoring of the risks, including aggregation risks.” The surveyed insurers also suggested that regulation could allow for the efficient exchange of data regarding cyber risks amongst numerous insurers placing cyber coverage. Additionally, the insurers stressed that potential government involvement in responding to catastrophic cyber events, such as a failure of critical infrastructure, may be necessary for the cyber insurance market in Europe to grow and remain economically viable.
