Sunrise/sunset of entrance of the RPC building.

EIOPA Report on Cyber Insurance raises awareness and understanding of cyber risk in the European market

08 August 2018. Published by Anthony Cutler, Associate and Bethan Griffiths, Senior Associate

The European Insurance and Occupational Pensions Authority ("EIOPA") has published a report "Understanding Cyber Insurance – A Structured Dialogue with Insurance Companies", which heralds its first attempt to enhance understanding of cyber risk with a focus on the European market.

In a world of increasingly complex and rapidly transforming technology, cyber risk has risen to one of the top positions in the list of global risks for businesses and is of great concern to both business and individuals.


At present, the stand-alone cyber insurance market lies predominantly in the United States, with only a fraction of the market in Europe. The majority of available reports and surveys focus on the US market and a continued deeper understanding of cyber risk is an ongoing challenge for the European cyber insurance industry.


The EIOPA report is the result of organised consultation with the industry and provides interesting and useful analysis on the current state of the market and predictions for upcoming years. It is based on a survey with responses to 14 qualitative questions answered by 13 insurance and re-insurance groups based across Europe.


Its key findings are as follows:


  • There is a clear need for a deeper understanding of cyber risk. This concerns not only the assessment and treatment of risk in new propositions but also understanding the needs of clients.


  • Cyber insurance coverage is predominantly focused on commercial business at present. However, interest in providing cover for individuals is gaining momentum due to an increased exposure to cyber risks, such as credit card and identity theft through the internet.


  • The increase in cyber incidents, increased knowledge of risk and EU regulatory initiatives are expected to raise awareness and boost the demand for cyber insurance. New technologies will also continue to drive the evolution of cyber policies. This in turn is expected to establish cyber risk as a firm contributor to the economy.


  • Qualitative models (based on risk assumptions of exposure, questionnaires and expert judgment) are more frequently used than quantitative models (based on actuarial pricing and rating tools) to estimate pricing and risk exposures and accumulations.


  • Data analysis, specialised tools and specialised underwriters will be key to the proper estimation and pricing of risk, to ensure adequate provision of insurance coverage.


  • It is suggested that regulation may be a welcome support to the industry to a moderate extent, if it could help to address some of the identified challenges.  


The report clearly sets out the growth potential of cyber insurance and the challenges the industry is facing, as well as the widening relevance and importance of cyber insurance in insurers' portfolios.


RPC have extensive experience in supporting insurers and their clients with this developing market both with breach response services and regulatory compliance. ReSecure is the RPC awarding winning service which responds quickly to cyber incidents, providing (with third party service providers) all of the help needed in the wake of a data breach incident.


Richard Breavington is available at or 020 3060 6341 should you wish to discuss our ReSecure or cyber services further.