An EMEA survey shows that less than a fifth of corporate information assets have cyber coverage in place. This is what businesses need to know

A new report on the state of cyber risks for businesses in Europe, Middle East and Africa (EMEA), shows that a protection gap has arisen.

The report suggests that business’ desire to engage with with artificial intelligence (AI) is leading to alarming under-insurance.

cyber pricing phone money

The report, which was sponsored by Aon, but independently conducted by the Ponemon Institute, found that Potential losses related to intangible asset values from evolving perils such as generative artificial intelligence (AI), cyber security, and intellectual property (IP) misappropriation are already significant.

More worruing, a a significant protection gap persists for intangible assets, with only 19 percent insured according to the research.

Tangible assets, despite their lower relative value, are insured to a level three times greater, at 60 percent.

Meanwhile, just 44 percent of respondents said they are prepared for a cyber or IP ‘Black Swan’ event.

What does it mean for businesses?

The paper suggests firms should reassess cyber insurance and intellectual property (IP) protection strategies in the light of evolving threats from generative artificial intelligence (Gen AI), and increasing exposure to losses of IP and intangible assets.

Key findings included:

  • The likelihood of a loss is higher for intangible assets than for tangible assets.
  • The average total value of intangible assets is nearly 14% higher than that of tangible assets.
  • The average Probable Maximum Loss for intangible assets is almost 37% higher than that of tangible assets.
  • A significant protection gap persists for intangible assets, with only 19 percent insured 
  • Some 56% of businesses had a material or significantly disruptive security threat or data breach one or more times in the past 24 months.
  • 79% of businesses use or plan to use AI products or services.

The new report drew insights from 2,462 individuals located in North America, Europe, the Middle East, Africa, Asia Pacific, Japan and Latin America, with the responses underscoring a key discrepancy in insurance coverage.

Respondents are involved in their company’s cyber risk management as well as enterprise risk management activities.

While 60% of PP&E is insured, only 19% of information assets have similar protection, Aon reported.

This gap has remained unchanged over the past two years, despite the increasing value of intangible assets and the growing frequency of substantial cyber breaches, the paper suggested.

Aon’s survey also showed that the expected loss from a cyber event targeting intangible assets is 43% higher than for tangible assets.

Furthermore, the likelihood of a significant cyber event involving intangible assets is three times greater than for PP&E. Despite these findings, many businesses still lack adequate coverage for trade secret theft and intellectual property liability – potentially exposing them to heightened financial risks.

With 69% of businesses globally, using or intending to integrate AI products or services, the potential for cyber incidents and regulatory compliance issues, is considerable.

New regulations like the European Union’s AI Act could add further complexity by inadvertently prompting more litigation from copyright holders.

Additionally, the rising threat from Gen AI is expected to increase the amount and heighten the impact of cyber-attacks over the next two years, Aon said.

Gen AI may enhance the existing tactics, techniques, and procedures (TTPs) of cyber criminals, as well as make it easier for novice cyber criminals to carry out effective attacks, contributing to an increased global ransomware threat.

Moreover, with a minority of cyber insurance policies covering ransomware costs, many businesses are extremely vulnerable to financial losses stemming from cyber incidents.

Risk rethink required

The increasing value of intangible assets, alongside the rise of generative AI, represents a paradigm shift in cyber risk.

Meanwhile while global regulations including the EU’s new AI Act is only likely to introduce more r complexity. Businesses must prepare for these evolving risks and potential liabilities.

“Cyber insurance has rapidly evolved to address more effectively the key loss drivers associated with cyber events. It offers more favourable coverage and premium pricing for businesses that demonstrate strong cybersecurity practices,” said David Molony, head of cyber solutions EMEA at Aon.

“The recent global IT outage served as a powerful reminder of the dynamic nature of cyber and technology risks and emphasised the importance of robust business continuity and incident response protocols. It also reiterated the need for a comprehensive cyber insurance policy to mitigate these risks,” he continued.

“This evolving landscape presents major opportunities for global businesses to rethink their risk strategies, whether through conventional risk transfer mechanisms or by leveraging capabilities in alternative capital arrangements, such as captives and reinsurance markets,” he concluded.