The risk of a business falling victim to a cyber attack is now considerably greater than that of a physical break-in or fire. As a result, cyber crime at the top of the list of major systemic risks faced by insurers, along with climate change and geopolitical conflicts. Businesses in Belgium are also becoming more aware of this: last year, one new business insured itself against cyber damage every two working days.
Phishing and hacking remain the two most common triggers. An analysis by Vanbreda Risk & Benefits shows that human error lies behind nine out of ten cyber claims. The largest Belgian insurance broker, whose portfolio is typical of the market, has handled more than 300 cyber claims in the past ten years, and that number continues to rise every year. 2024 stands out as exceptional, with a significant increase (+64% compared to 2023) in the number of claims to over fifty – an average of one incident per week.
Incidents at suppliers can also seriously disrupt a company’s activities. The faulty software update last year by cyber security giant CrowdStrike, which led to one of the largest IT outages in years, illustrates the importance of being alert to the vulnerability that arises when businesses are too dependent on just one supplier, or ‘single supplier risk’.
‘For cyber criminals worldwide, methods such as phishing and hacking remain the easiest route to success. At 16% of the affected businesses, the damage amounted to well over 100,000 euros, while for 4% it even ran into the millions due to the shutdown of business activities. However, 75% of claims last year were for no more than 20,000 euros, thanks in part to the rapid action taken by the cyber response team that is included in the cyber policy. After an attack, we immediately put businesses in contact with our partners in legal, PR and IT to limit the damage. In addition, we engage in preventive activity, with workshops, support with drawing up continuity and incident plans and phishing tests. Last year, we sent no fewer than 130,000 test phishing emails to train employees and reduce cyber risks.’
Tom Van Britsom, cyber expert at Vanbreda Risk & Benefits
Last year, the insurance broker arranged a new cyber policy with a new business every two working days (+16.5%). The total premium volume in the cyber portfolio was 17.1 million euros – around 10% higher than in 2023. Although the number of policies is rising rapidly, premiums are not increasing at the same rate. According to Vanbreda, this is because the market has started to soften: a balance is gradually being found between insurers’ annual premium income and the amounts they pay out for incidents.
‘With cyber attacks growing ever more frequent, businesses are getting in touch to ask for cyber policies. They usually do so after they have incurred or narrowly escaped a loss themselves or seen an incident at a high-profile or local business. Even so, many businesses remain unaware of the potential risks today. We have also noticed major differences between sectors. Some B2B sectors such as transport or production feel less targeted by cyber criminals or think they can absorb the financial loss themselves. However, there are already plenty of cases worldwide of transport businesses being unable to deliver food to supermarkets due to a cyber attack or discovering that, for example, the temperature of their cold stores has been tampered with. This has often resulted in downtime and hence damage to the business.’
Tom Van Britsom, cyber expert at Vanbreda Risk & Benefits
With the introduction of the NIS2 Directive last autumn and the DORA Regulation in January 2025, businesses are required by the European Union to increase their efforts in the area of cyber security. Those that fail to do so are at risk of penalties.
Vanbreda Risk & Benefits regards this EU-imposed requirement as a good thing.
