Our website uses cookies to create a better user experience. To optimize the website we ask that you accept the cookies:

I agree I disagree
2021 2022 2023


“Insurers are increasingly taking third-party risks into account”

Not only is the number of cyber incidents on the rise in our country, the number of companies taking the step to insure themselves against such attacks is also increasing. But what types of damage does this insurance cover? Which conditions determine the cost of a cyber insurance policy? And how do insurers deal with third-party risks? We asked Tom Van Britsom, cyber expert at Vanbreda Risk & Benefits, to explain.

Tom Van Britsom

Cyber Expert at Vanbreda Risk & Benefits

As Belgium’s largest insurance broker, Vanbreda Risk & Benefits has a good overview of the cyber risks that Belgian companies are confronted with. The broker’s portfolio of insurance policies against cybercrime increased by 20 percent in 2023, to 15.6 million euros. “We are seeing an increase in both the number of customers and the cost of current policies, causing the premium volume to rise. That should not be surprising, because hackers are increasingly bold. Any company can be a target. Insurance is therefore not a luxury,” says Tom Van Britsom. 

Cyber insurance remains a relatively new concept for the sector. “Many insurance companies struggle with correctly estimating a premium. As a result, there are big price differentials in the market, and a premium can be expensive,” Tom explains. “That is why it is important to be transparent about your situation:  giving a good picture of your company, your suppliers and your customers. The size of the company, its activities, the number of employees, the claims history, the turnover, the cybersecurity maturity of the company, etc., determine the pricing.” 

Stricter acceptance rules 

In some cases, the insurer refuses to grant a company a policy against cyber risks. “That has to do with their acceptance rules. For an insurer, the balance sheet must be in balance over several years. In other words, the premiums received must continue to reimburse claims. This explains why certain insurers focus on specific sectors or sizes of companies.” 

One of the factors playing a role in acceptance is third-party risks. Tom Van Britsom: “Insurers are increasingly taking third-party risks into account in their underwriting policies. They need a good assessment of the digital dependency and connectivity between companies. Today, companies may use common systems or be dependent on a service provider. Manufacturing companies need logistics companies, which in turn transport goods to warehouses, etc. Because every company plays a crucial role in the supply chain, a cyber incident rarely affects just one organisation.” 

Working on the human firewall 

The fact that insurance is becoming more expensive and sometimes more difficult to obtain should not stop companies from insuring themselves against cyber risks, Van Britsom suggests: “The exercise of considering an insurance can be instructive. Furthermore, it is better not to postpone the decision: the world is evolving so quickly that we will always be confronted with new cyber challenges.” 

In addition - and this is often a misconception - cyber insurance is about much more than compensation for the damage incurred. “For example, the insurer’s helpline is also important and valuable, because it will guide you through the entire incident, including the recovery process. That is why it is important to look at how the helpline is structured and which experts you will be able to call on.” 

The cyber expert of Van Breda Risk & Benefits concludes with one final piece of advice: “In addition to insurance, companies must continue to invest in the human factor, and point out the dangers to their employees. Insurance and prevention go hand in hand. Don’t forget that human action is still the basis of 90% of cyber incidents.”