A new report from Howden has underlined the urgent need for scaled cyber risk transfer in Europe, where increasingly complex and costly threats collide with low insurance uptake, while also highlighting the strong return on investment from effective risk management and cyber insurance.
This comes as part of the global insurance intermediary group’s new research on cyber risk, analysing companies in France, Germany, Italy and Spain.
While the report highlights the strong return on investment from effective risk management and cyber insurance, it also underscores the significant benefits for both businesses and insurers in expanding risk transfer across underpenetrated markets.
Notably, Howden’s analysis stresses the need to grow the cyber premium pool in a softening market cycle, with rate reductions accelerating over the past 12 months and global pricing now 22% below the mid-2022 peak.
“This trend has been driven by increased underwriting capacity, as insurers commit to a class that offers a strong track record of profitability. The most pronounced downward pricing pressure has been observed in international markets, where rates have declined by 12% since January 2024, compared to a more modest 5% drop in the US,” Howden explained.
Meanwhile, Howden’s report also suggested that cyber exposures need to increase by 15% annually over the coming years to meet premium targets.
“Building resilience is critical to the journey. Howden data shows that nearly half (49%) of surveyed businesses experienced at least one cyber attack in the past five years, equating to over €307 billion in direct costs,” the firm said.
Howden continued, “Despite this, cyber insurance penetration remains relatively low across Europe. More than 70% of companies in the four countries are uninsured, notably above the UK’s 61%.
“Encouragingly, 31% of surveyed businesses with annual revenues above €1 million intend to purchase cyber insurance for the first time within the next five years. The potential is even greater, given the high proportion of undecided non-buyers, which represents a clear call to action for the market to engage, educate and convert interest into uptake.”
Howden’s analysis also highlighted that, even before accounting for claims recoveries, insured companies incur lower costs following a cyber attack due to stronger governance and risk management best practices.
“A company with €500 million in annual revenue could save €16 million over ten years by holding a cyber insurance policy,” the firm said.
This reportedly equates to a 19% return on investment, driven by reduced attack severity, more than offsetting the cost of cover.
“By extrapolating the impact that cyber insurance and risk controls have on reducing attack frequency and severity across France, Germany, Italy and Spain, analysis shows that total cyber-related costs could fall by 66%, a reduction of €204 billion over the period of 2020-25. The bulk of these savings emanate from reduced severity (€112 billion), with the remaining €92 billion attributed to lower attack frequency,” Howden said.
Jean Bayon de La Tour, Head of Cyber, International, Howden, commented, “Howden’s report confirms the powerful role cyber insurance plays in mitigating one of the most critical threats facing businesses today.
“Cyber insurance is not just a protective measure, but a strategic enabler of resilience that accelerates recovery, strengthens risk management and reduces financial losses.
“With penetration still low and demand rising, Europe and other international markets offer significant growth opportunities.
“Yet, the market must do more to communicate this value and simplify its offering. Improving accessibility will be crucial to realising the huge potential in Europe and other underpenetrated markets.”
Shay Simkin, Chair, Global Cyber, Howden, said, “Our research has quantified the costs of European attacks at roughly €300 billion since the turn of the decade. The cyber protection gap is a societal issue that demands urgent attention, and at Howden, we are committed to working with clients and markets to build lasting resilience.
“Through increased insurance penetration and education about implementation, we can help businesses improve their cyber resilience and protect against loss of revenue from these attacks.”
About the Author
