ZURICH, 31 March 2026 – As geopolitical tensions intensify and digital interdependence deepens, cyber incidents are becoming more frequent, sophisticated, and costly, with median annual losses increasing fifteen-fold over the past 15 years. A new Geneva Association report stresses that cyber resilience – firms’ ability to prevent, absorb, and recover from cyber disruptions – must be a critical priority for businesses.
The report highlights how cyber insurance can strengthen firms’ cyber resilience and help manage the growing economic impact of cyber incidents. While the market for cyber insurance has expanded rapidly over the past decade, adoption remains low in many sectors, leaving gaps in firms’ ability to prepare for and respond to more complex cyber threats. This is particularly concerning for small- and medium-sized enterprises (SMEs), which are increasingly targeted by cyberattacks but often lack the resources to build robust internal capabilities.
Cyber insurance can support risk prevention, improve cyber hygiene, and accelerate recovery after incidents. However, expanding its resilience benefits will require greater awareness of the prevention and response services embedded in policies. Moreover, stronger coordination between insurers, policyholders, technology providers and governments will be essential to improve understanding of interdependent cyber risks and support solutions that strengthen system-wide resilience.
Jad Ariss, Managing Director of the Geneva Association, said, “In today’s geopolitical environment, cyber risk is no longer just an IT issue – it is a core business and economic risk. Cyber incidents may be inevitable, but their impact is not. Cyber insurance can play a critical role in strengthening resilience – helping firms prevent incidents, manage disruptions, and recover faster. Unlocking that potential will require closer collaboration across industry, technology providers, and governments.”
Darren Pain, Director of Research at the Geneva Association and author of the report, added, “Cyber insurance already contributes to resilience through underwriting standards, incident-response services, and claims support. However, many policyholders, particularly SMEs, underuse the preventative services embedded in their policies. Increasing awareness and utilisation of these capabilities could significantly strengthen firms’ ability to withstand and recover from cyber incidents.”
ENDS
