Insurance companies have also developed products for companies or administrations and associations so that they can protect themselves against the risks associated with cyber attacks. In Belgium, several companies are active in this sector, Ethias (for communities and associations), DVV or Axa, to name a few. The cyber-attack risk insurance market aimed at large companies is more in the hands of Anglo-Saxon companies that have been developing these products longer and that have more resources to cover these large risks.
The report annuls 2021 of Assuralia, the federation of the insurance sector, dedicated a part to the issue of cybercrime and the coverage of this risk and gave the floor to those responsible for Ethias and Vanbreda. “25% of our customers have taken out cyber insurance”explained Tom Van Britsom of Vanbreda Risk & Benefits on the insurer’s corporate customers. “VSs contracts have certainly proven their usefulness: one claim has been registered in cyber insurance in four in the last ten years”, added Tom Van Britsom.
At Axa, “cyber protection” insurance products are primarily aimed at very small businesses. This represents “some percent of our policyholders, I can’t say that we have ten percent that take out this type of insurance”explains Pierre-Alexandre David, director of business insurance, including “cyber protection” insurance.
In terms of annual bonuses, for these small companies, “we start at 350 euros, up to 1000 euros for the scope we have of small business”, explains Pierre-Alexandre David. For that price, the company will be able to turn to its insurer in the event of a cyberattack. The expenses covered are, first and foremost, “analysis costs”, details Pierre-Alexandre David, to understand what happened, then the costs necessary to remove a possible virus. Other taxes, “costs to restore data from backup”, explains the manager of Axa. Deleted data, encrypted data, the insurer will thus be able to intervene in the costs necessary to restore the databases, for example if necessary “putting the team to recode certain things”, continues Pierre-Alexandre David. The insurer will also intervene in the “verification costs to verify the validation of the information that will be reconstituted”, adds the manager of Axa. The insurer can also help contact the company’s customers or partners whose data has been hacked.
These costs, which will be borne by the insurer, may “really numbers“, explains Valérie Kriescher, responsible for Ethias’ “B2B” insurance products. “If the attack is successful, it can reach the back-up of the entity and restoration costs can easily amount to a few hundred thousand euros, depending on the size of the entity”, continues Valerie Kriescher. The insurance industry works in this area of “cyber insurance” with outside companies. “There are specialized companies that have specialists who go on site, who will analyze the hardware, see what they can recover“, continues the manager of Ethias.
On the other hand, companies that insure themselves against the risk of cyberattacks must commit to respecting security measures, “basic requirements”, as Valérie Kriescher points out. In Etias, “we offer our public customers upstream IT support”, She explains. For customers who have not yet taken all the basic care, the insurance company can also put them on their way, “to help them implement a range of protections for their systems and software”explains Valerie Kriescher. “The idea of all insurers is no longer just to offer an insurance product, but really an ecosystem, i.e. insurance, but also the services of a service provider to ensure that the customer continues to take all necessary measures to avoid an attack. “continues Valerie Kriescher.
The person responsible for these insurances at Ethias, however, points out that there is a trend towards an increase in premiums to be paid for coverage against “cybernetic” risk. “There is really, among reinsurers, a very significant desire to increase premiums”explains Valerie Kriescher. “With us, we were also forced to significantly increase premiums, almost twice, because in general the cyber insurance market is loss-making”continues the manager of Ethias.