LUCY - Light upon cyber assurance

Light Upon CYber insurance / © Amrae - 7 - Large companies represent only 3% of the panel analyzed, but their contributions represent 83% of the volume of premiums collected in 2022. On the other hand, small and micro companies are certainly numerous (82% of the panel) but their economic contribution to the cyber insurance market remains marginal (1.9% of the global volume of premiums in the Lucy study). Therefore, despite its limitations in the small and micro business segment, the Lucy study can be considered an accurate reflection of the cyber insurance market. However, for the sake of consistency, we have decided to focus certain analyses on the 1,363 companies (large, Mid-cap and medium-sized) with revenues of more than €10 million: their contributions represent almost all (more than 98%) of the volume of premiums collected in 2022 as identified by the study. REPRESENTATIVE because this study is not a simple survey. It is based on the aggregation of the portfolios of the main corporate risk intermediaries: the data analyzed are neither estimates nor projections, but the actual amount of contributions paid by companies and claims compensated by insurers. This makes it possible to study cyber risk from two angles: l cyber risk coverage: number of companies having taken out insurance, amount of the gross premium, guarantees and level of coverage taken out; l compensated claims: number of claims, amount of compensation, triggering event ROBUST because the data collected perfectly reflected market trends. They have thus made it possible to anticipate market movements: “After very poor underwriting results in the intermediate market in 2021, we thought that insurers would take corrective measures similar to those taken in 2020 in the large corporate market, explains Philippe Cotelle. This is indeed what happened in 2022 with a sharp increase in premium rates (+54%) and a reduction in capacity (-8%).” The Lucy study has quickly become a tool for dialogue and negotiation between the actors of the cyber risk community: risk managers, insurers and brokers. Its analyses are regularly used by French and European public authorities and regulators, notably Anssi (the French national agency for information systems security), the French Ministry of the Economy, Finance and Industrial and Digital Sovereignty, and Eiopa (the European insurance regulatory authority).

RkJQdWJsaXNoZXIy MTkzNjg=