Privacy and Cybersec for Businesses
Observatory curated by Dr. V. Spataro: privacy, forms, check-ups for WordPress


Cyber Insurance: Fitting the Needs of Operators of Essential Services?


Document annotated on 24.02.2023. Source: GPDP






News Item

The new report by the European Union Agency for Cybersecurity (ENISA) explores the challenges faced by Operators of Essential Services in the EU when seeking to acquire cyber insurance.

Published on February 23, 2023


Focused on the potential challenges faced by Operators of Essential Services (OESs), the analysis performed also explores aspects of cyber insurance from a policy development perspective, and suggests recommendations to policymakers and to the community of OESs.

What does the report reveal?

With the current trend of increasing cyber incidents also affecting OESs to a large extent, a majority of them perceive cyber insurance as a service they cannot afford given the outstanding premiums and disadvantageous coverage. According to data gathered through a survey targeting 262 OESs across the EU, three in four do not currently have cyber insurance coverage. The survey also reveals that other risk mitigation strategies are often considered more favourable by OESs.

For 77% of respondents, a formalised process has been set to identify cyber risks. The remaining 23% do not have any such process in place. On the other hand, 64% of organisations declare not quantifying cyber risks. However, all interviewed contributors declare having risk-management practices in place and a process to determine controls.

The motivators behind the decision to contract insurance coverage include coverage in case of a loss as a result of a cyber incident for 46%, a requirement by law for 19%, and pre-incident or post-incident expert knowledge from insurance companies.

56% of respondents declared they considered other risk mitigation tools more effective than cyber insurance.

Recommendations to policy makers

  • Implement guidance mechanisms to improve maturity of risk management practices of OESs;
  • Promote the establishment of frameworks to identify and exchange good practices among OESs, especially related to identification, mitigation and quantification of risk exposure;
  • Encourage initiatives, including standardisation and guidance development, to provide assessment methodologies on the quantification of cyber risks;
  • Develop collaborative frameworks with public and private partners to enable skills frameworks and programmes for cyber insurance, particularly in areas such as risk assessment, legal aspects, information management and cyber insurance market dynamics.

Recommendations to OESs

  • Make progress towards the maturity of risk management practices;
  • Allocate or increase budget to implement processes for the identification of assets and key metrics, periodic risk assessments, identification of security controls and quantification of risks based on industry best practices;
  • Improve knowledge transfer and sharing with other OESs.

To coincide with the publication of the report, ENISA welcomed the visit of Petra Hielkema, Chairperson of the European Insurance and Occupational Pensions Authority (EIOPA).

ENISA has developed synergies with stakeholders such as the EIOPA to engage in actions to understand the mechanisms and potential needs of the cyber insurance sector in relation to cybersecurity and market development. These synergies materialise through the coordination of activities meant to monitor cyber insurance developments, knowledge exchange and multidisciplinary collaboration.

Further information

Demand Side of Cyber Insurance in the EU – ENISA report 2023


For press questions and interviews, please contact press (at)

