A national consultation on cyber risk insurance

Cyber-attacks have been on the increase in recent months, targeting financial services in particular. The authorities are urging insurers to take appropriate account of these threats, and to report incidents more systematically.

An upsurge in cyber attacks

In 2020, cyberattacks, particularly by ransomware, have risen sharply. According to a study carried out in October 2020 for Proofpoint, almost 9 out of 10 companies were victims of at least one major cyber attack over the preceding 12 months. The French National Agency for Information Systems Security (ANSSI) said it handled four times as many cases in 2020, compared with 2019, for ransomware alone.

Today's cyber challenges are many and varied for companies, involving operational, reputational and competitive issues. The financial impact should not be underestimated, with sums at stake sometimes running into tens of thousands of euros, or even millions.

A national consultation on cyber risk insurance

The government believes that insurance has a role to play in cyber risk management. It has announced the creation of a working group comprising representatives of government departments, companies, insurers and academic experts, to move forward on the issue of cyber insurance.

More specifically, this working group will have several missions:

  • Analyze cyber insurance clauses and study possible ways of making them clearer and more legible;
  • Identify levers for better management of this complex and evolving risk;
  • Examine ways of sharing this risk between policyholders, insurers and reinsurers;
  • Suggest ways of combating the phenomenon of companies' under-perception of cyber risk.

Bercy invites anyone wishing to contribute to these reflections to send their contribution to the following contact address: assurance.cyber@dgtresor.gouv.fr.

Ransomware attacks set to double by 2021

By 2021, ransomware attacks are on the rise and could double, according to the first comprehensive study of cyber risk insurance coverage in France published by AMRAE (Association pour le Management des Risques et des Assurances de l'Entreprise) in May 2021.

The organization identifies two foreseeable consequences:

  1. a sharp rise in insurance premium rates, which have already risen by 20-30% in 2020,
  2. a retractation of the insurance offer, particularly in the large corporate segment.

AMRAE calls on policyholders and insurers to show greater maturity. It urges companies and public authorities to "improve the prevention and protection of their information systems". At the same time, the insurance market must "become clearer and more legible". Bercy's launch of a national consultation on cyber risk insurance is designed to meet these expectations.