A recent report from the Geneva Institute warns that as cyber incidents become more frequent, complex and costly, many companies still have persistent gaps in cyber hygiene and risk management, highlighting the urgent need to strengthen resilience, with cyber insurance playing a key role.
The Geneva association noted that rising geopolitical tensions and deeper digital interdependence are increasing the frequency and intensity of cyber risks. Over the past 15 years, the median annual cost of a cybersecurity breach has increased 15-fold, from $190,000 to nearly $3 million.
Cyber ​​risk is increasingly recognized as a core operational issue. However, many incidents still stem from basic, preventable vulnerabilities such as phishing attacks, weak passwords, unpatched software and misconfigured systems, highlighting ongoing gaps in cyber hygiene and risk management.
The report emphasizes that understanding cyber resilience goes beyond traditional risk management and the actions companies take to limit potential losses. Resilience also requires attention to how businesses prevent, absorb, and recover from disruption.
The Geneva association describes cyber insurance as a potentially powerful but yet to be fully realized governance mechanism that can actively shape corporate behavior, incentivize risk prevention and mitigation, and provide critical expertise and financial support in the event of an incident.
While the cyber insurance market has expanded rapidly over the past decade, adoption remains low across many industries, leaving gaps in businesses’ ability to prepare for and respond to sophisticated cyber threats. This is particularly concerning for small and medium-sized enterprises (SMEs), which are increasingly targeted by cyberattacks but often lack the resources to build strong internal capabilities.
It is estimated that only around 10% of SMEs globally have cyber insurance, and in some countries the number may be much lower, especially among the smallest businesses.
Expanding the resilience benefits of cyber insurance requires increasing awareness of the prevention and response services embedded in policies.
In addition, greater coordination between insurers, policyholders, technology providers and governments is critical to improve understanding of interdependent cyber risks and support solutions that increase the resilience of the entire system.
The report highlights that by helping to establish and strengthen widely adopted standards of good cyber hygiene, cyber insurance can evolve into a more trustworthy and effective mechanism to strengthen the resilience of businesses, industries and economies.
Jad Ariss, Managing Director of the Geneva Association, said: “In today’s geopolitical environment, cyber risk is no longer just an IT issue but a core business and economic risk. Cyber ​​incidents may be inevitable, but their impact is not. Cyber ​​insurance can play a key role in building resilience, helping businesses prevent incidents, manage disruptions and recover faster. Unleashing this potential requires closer collaboration between industry, technology providers and governments.”
Darren Pain, research director at the Geneva Association and author of the report, added: “Cyber ​​insurance already enhances resilience through underwriting standards, incident response services and claims support. However, many policyholders, particularly SMEs, do not take full advantage of the preventive services included in their policies. Increased awareness and utilization of these capabilities can significantly enhance a company’s ability to withstand and recover from cyber incidents.”
