In an increasingly digitized world, the risks of cyberattacks and data breaches have become ever more prevalent, surging the cyber insurance importance to unprecedented heights.

The cyber landscape is an ever-evolving arena where adversaries are relentless, and the costs of breaches are astronomical. As we embark on a journey through the world of cyber insurance, it’s crucial to understand the current status quo of this dynamic and essential facet of modern risk management.

Exploring the status of cyber insurance coverage in today’s market

As more people turn online, especially after the COVID-19 pandemic, whether for work or their personal lives, there are more potential opportunities for cybercriminals to exploit. Cybercrime is on the rise globally, with estimated growth reaching $17.65trn by 2025, surging even further to a projected $23.87bn in 2027. At the same time, the global cost of cybercrime is expected to rise from $8.44trn in 2022 to $23.82trn in 2027.

Organizations of all sizes are increasingly concerned about the escalating threat of cyber attacks, with small and medium enterprises, also known as SMEs, being particularly vulnerable. In 2022, the world witnessed a staggering 38% surge in global cyberattacks compared to the previous year. Among these attacks, ransomware emerged as the primary weapon in the cybercriminal arsenal, encompassing over 85% of all incidents. This insidious technique involves malicious actors encrypting a company's data and demanding a ransom payment in exchange for the decryption key. Intriguingly, companies with less than 1,000 employees bore the brunt of these attacks, accounting for 82% of all ransomware incidents.

RELATED: Risk to Riches: The Importance of Financial Literacy in Insurance

The main reasons behind this trend and the importance for insurance companies to address SMEs cyber risks are:

• Vulnerabilities: SMEs usually have limited resources, technical expertise, and often inadequate cybersecurity measures, making them appealing targets for cybercriminals looking to exploit weaknesses and gain unauthorized access.
• Financial consequences: successful ransomware attacks can be devastating for SMEs. In 2022 alone, over 700,000 attacks against small businesses resulted in a staggering $3 billion in damages. Alarmingly, 75% of SMEs would be unable to continue their operations if hit by a ransomware attack.
• Lack of awareness: complacency among SMEs regarding the severity and evolving nature of cyber threats often leads to insufficient cybersecurity measures, leaving them exposed. Surprisingly, 48% of companies only purchase cyber insurance after experiencing an attack.

The pressing nature of these worldwide challenges highlights the immediate demand for groundbreaking solutions.

Plug and Play has recently backed Coinnect, a platform that provides in-depth risk evaluations pinpointing vulnerabilities specific to SMEs. In addition, it implements solid strategies for risk reduction and guarantees prompt action during security incidents. With Coinnect's specialized knowledge and offerings, SMEs are equipped to defend their digital assets from cyberattacks actively, ensuring a secure digital environment.

Main challenges for insurers looking to provide SME cyber insurance coverage

Insurance companies face a complex landscape of challenges and opportunities regarding cyber risk.

• Rapidly evolving threat landscape: Picture a battlefield where adversaries continuously adapt and innovate, where new threats lurk around every digital corner. This is the cybersecurity landscape. For insurers, this constant evolution demands continued vigilance and skill.
• Lack of historical data: History must be more extensive in cyber risk. With cybersecurity insurance being a relatively new field, insurers find themselves without the deep well of historical data that underpins their traditional counterparts. This scarcity complicates the delicate art of pricing policies and predicting potential losses.
• Complexity of cyber risks: Cyber risks are a mosaic of complexities, spanning data breaches, ransomware attacks, social engineering, and more. Insurers must craft coverage that navigates this labyrinth, leaving no threat unaddressed.
• Risk assessment and underwriting: Deciphering the cryptic language of cyber risk is no small feat. Insurers must delve deep into an organization's cybersecurity practices, protocols, and measures to determine appropriate coverage and premiums.
• Pricing and profitability: Balancing pricing for cybersecurity insurance policies is akin to taming a digital whirlwind. The dynamic nature of cyber threats, coupled with the absence of historical data, forces insurers into a delicate balancing act between offering competitive pricing and ensuring the profitability of their products.

New opportunities: Empowering SMEs in the cyber frontier through cyber insurance coverage

In the ever-evolving cyber risk landscape, insurance companies have a pivotal role. As they assess and mitigate these digital threats, they shield organizations. By bundling innovative solutions with insurance policies, they offer a comprehensive approach to cyber risk management.

EBOOK: The Generative AI Revolution in Insurance

• New products & innovation: Insurance companies have a canvas of innovation before them. They can craft unique products that address emerging cybersecurity challenges, from safeguarding keyless car keys to fortifying IoT devices.
• Increase revenue streams: Insurers unlock fresh revenue streams by integrating cyber insurance and security services into their portfolios. As businesses awaken to the imperative of safeguarding their digital assets, premiums and related services become significant contributors to their bottom line.
• Competitive advantage: Insurance providers can distinguish themselves by offering comprehensive and tailored cyber insurance solutions. They gain a potent edge in a competitive market by becoming the go-to source for all things cyber-related.
• Risk management: Effective risk management lies at the heart of cyber insurance. Insurers can guide clients through the treacherous waters of financial and reputational damage caused by cyberattacks, forging a mutually beneficial partnership.
• Compliance and legal obligations: As data protection laws evolve, insurers must guide their clients in compliance efforts. Providing appropriate coverage and expert guidance is no longer a choice but a necessity.
• Customer growth & retention: SMEs often grapple with the enigma of cyber risks. Insurers can shine by offering cyber assessments and third-party support, enhancing customer satisfaction, and refining risk evaluation.

Innovations in cyber insurance coverage: Startups, new products, and distribution strategies

At the heart of this transformation are startups that can support and empower insurance companies to adapt and thrive in the world of cyber risk. Below are some areas of innovation that could help insurance companies exploit the opportunities to support SMEs in facing cyber threats.

New products

• Cybersecurity risk assessment services: Insurance providers are stepping into risk assessment, offering cybersecurity assessments to SMEs. These assessments help businesses identify vulnerabilities in their systems and processes, shedding light on their risk exposure. Armed with this knowledge, SMEs can take proactive measures to mitigate potential cyber threats.

Citalid is a cyber risk platform that quantifies cyber threats for Enterprises and Insurers, providing tailored security recommendations. Their AI-driven technology facilitates informed decision-making in cyber risk management, bridging the gap between cyber and insurance sectors.

• Cybersecurity training and education: Recognizing the value of informed clients, insurance companies are investing in cybersecurity training and education initiatives. These efforts empower SMEs with the knowledge and tools needed to bolster their cyber defenses.

Kamaé offers a gamified cybersecurity awareness platform, aiming to educate and empower SME employees against rising cyber threats, positioning itself as the "Duo Lingo" of cybersecurity training.

• Incident response services: Insurance providers are developing incident response services, offering SMEs access to dedicated incident response teams and forensic investigation services. These services enable swift and effective action in the event of a cyber incident.

Coinnect provides cyber incident response services from first-incident calls to post-incident services, with an EU contact center for insurance partners accepting calls in multiple languages.

• Real-time threat monitoring: Proactive threat detection is becoming a cornerstone of cyber insurance. Insurance companies invest in real-time threat monitoring to detect and thwart cyber threats before they escalate into incidents or breaches.

Cyrius introduces a platform that offers a novel approach to mitigating the risks associated with human behavior in the cyber world. Unlike traditional cybersecurity platforms, Cyrius leverages actual behaviors as the basis for monitoring and neutralizing cyberhuman threats in real time. This means that employees receive instant notifications and feedback on their actions, providing a safer alternative and highlighting the potential risks associated with their chosen method.

Distribution

• Bundling cyber infrastructure and cyber insurance: By packaging these two essential services together, distributors can cater to SMEs' immediate needs for security enhancement while providing a contingency plan for potential breaches. This strategic move streamlines the purchasing process for SMEs, ensuring they have a comprehensive solution in one place. For distributors, it creates a value proposition differentiating them in the market, potentially leading to increased sales and customer loyalty.

Stoik offers an integrated approach to cyber risk management, providing proactive risk monitoring and quick-response solutions post-cyberattacks. Their dedicated platform for insurance brokers simplifies client onboarding and contract management, while their CERT-Stoïk team ensures rapid incident response and system restoration.

• Industry associations: Collaboration between industry associations and insurance companies is increasing. This partnership model enables the creation of customized policies that cater to the unique needs of specific industries, ensuring comprehensive coverage.

Vodafone and ELEMENT have developed cybersecurity insurance for private users on Vodafone’s mobile net. Thanks to integrated automatic number recognition, customers can take out cyber insurance quickly via the smartphone, which is helpful for mobile cyber threats like online banking and identity theft.

• Cybersecurity service providers: Insurance providers are forging partnerships with third-party cybersecurity service providers. These alliances allow SMEs to access various cybersecurity services under one roof, from risk assessments to incident response support.

AXA and Accenture partnership aims to offer global cybersecurity services to AXA’s underwriters, brokers, and clients to strengthen their cyber capabilities. AXA will be able to provide its clients additional bespoke services, delivered by Accenture, that will help them understand and mitigate cyber risks.

• Partnerships with financial institutions: Insurance companies are exploring partnerships with financial institutions, including credit unions. These collaborations facilitate the distribution of cybersecurity insurance, enabling financial institutions to offer comprehensive risk management solutions to their clients.

Generali and BNP Paribas decided to come together to offer BNP Paribas’ clients an insurance and related services solution enabling them to protect themselves against cyberattacks.

Expert opinion on the rise of cyber risks and cyber insurance coverage for SMEs

By Massimiliano Rijllo, Co-Founder and CEO at Coinnect

Plug and Play: What significant challenges do insurance companies encounter in dealing with cyber risks?

Rijllo: One of the foremost challenges is recognizing the inherently "dynamic" nature of cyber risk. This sets it apart from other, more stable risks and necessitates a distinct approach. While questionnaires and periodic technical assessments are valuable, their significance diminishes when we consider that cyber risks can evolve daily or weekly. What, then, is the true worth of evaluating a client or prospect annually or even less frequently? Insurers need to grasp that proactive risk monitoring and mitigation is the only viable strategy in the cyber domain. As such, it's imperative for them to integrate advanced cyber insurtech solutions into their offering.

CASE STUDY: The Success Story of Generali Health Solutions & Pathmate Technologies

Plug and Play: What reasons contribute to the low adoption of cyber insurance coverage within the SME sector? How can significant players influence a shift?

Rijllo: In the past, adoption was limited, largely due to clients' limited understanding and awareness of cyber risk and the inherent value of a cyber policy. Today, a growing number of SMEs seek cyber coverage. However, they grapple with the intricacies of various insurance products, which are often challenging to comprehend, coupled with an underwriting process steeped in lengthy and complex questionnaires. Additionally, many insurers hesitate to actively pursue new customers as they're still grappling with effective risk assessment methods to maintain a profitable portfolio. In essence, while previously clients weren't seeking cyber insurance, it's now the insurers who are being cautious. Despite the rapid developments in cyber, there's vast potential ahead; it's worth noting that perhaps only 10% or fewer SMEs currently have a cyber policy in place.

Plug and Play: How can startups help insurance firms tackle cyber threats more effectively?

Rijllo: Cyber insurtech startups offer innovative tools and solutions tailored to address the industry's primary challenges:

1. The technical nature of cyber risks
2. The dynamic evolution of cyber threats

Traditional insurance methodologies fall short in this space, making technology essential for effective assessment, proactive monitoring, and risk mitigation. While conventional cybersecurity vendors typically focus on end-users without considering the insurer's perspective, cyber insurtech providers bridge this gap. They aim to manage and mitigate risks for both clients and insurers by leveraging advanced tools, fostering transparency, and ensuring favorable outcomes for all parties involved.

Plug and Play: In what ways is Coinnect contributing to the advancement of incident response services for insurance providers?

Rijllo: Our company's journey began as a cyber incident response firm, where we managed complex ransomware cases and collaborated with globally renowned loss adjusters and insurers. Drawing from this rich experience, we developed a platform designed to assist both clients and insurers during cyber incidents. Our platform offers advanced tools for proactive responses, in-depth incident analysis, and efficient remediation. The primary objective is to minimize the duration of incidents, enabling clients to promptly resume their operations and mitigate business repercussions. While assessment and proactive mitigation remain crucial in today's landscape and in our platform, a swift and effective response can significantly reduce the financial implications of incidents for insurers.

SMEs find the support they need via cyber insurance coverage

The rise of digital transformation in today's business landscape has opened up new opportunities and efficiencies. However, it has also exposed businesses, especially SMEs, to a growing array of cyber threats. These threats are persistent and increasingly sophisticated, making it imperative for organizations to fortify their cybersecurity measures.

The insurance industry has become a valuable ally in response to these challenges. Collaborating with innovative startups like Coinnect offers a promising line of defense against cyber threats. These strategic partnerships leverage cutting-edge technologies and expertise to bridge the gap between cybersecurity and insurance. The result is a comprehensive approach that helps SMEs proactively defend against cyberattacks and provides them with much-needed financial protection in case of a breach.

The advantages of these collaborations extend beyond mere financial security. Insurers are evolving their services to meet the changing needs of businesses in the digital age. They now offer a safety net and a toolkit for organizations to navigate this digital landscape securely and confidently. This may include proactive risk assessment, employee training, and incident response planning, all aimed at fortifying a company's cybersecurity posture.

The synergy between insurance companies and startups like Coinnect promises all enterprises a safer, more resilient digital future. As they continue to innovate and expand their services, businesses of all sizes can tap into these partnerships to safeguard their operations, foster trust among their stakeholders, and thrive in the dynamic world of digital transformation. In this collaborative effort, SMEs find the support they need to survive and thrive in an increasingly digital and interconnected business environment.

Plug and Play'sMunich, Germany, office is situated in a city that's home to a number of large corporations and has one of the most vibrant startup scenes in Europe. Tojoin our platform, please contactDaria Pelini, Ventures Associate, orArthur Bessières, Senior Ventures Associate, for more information.