2026保险赋能网络韧性提升研究报告

March 2026 Strengthening CyberResilience Through Insurance Darren PainDirector of Research, Geneva Association Sasha RomanoskySenior Policy Researcher, RAND Geneva Association The Geneva Association was created in 1973 and is the only global association ofinsurance companies; our members are insurance and reinsurance Chief ExecutiveOfficers (CEOs). Based on rigorous research conducted in collaboration with ourmembers, academic institutions and multilateral organisations, our mission is toidentify and investigate key trends that are likely to shape or impact the insuranceindustry in the future, highlighting what is at stake for the industry; developrecommendations for the industry and for policymakers; provide a platform to ourmembers and other stakeholders to discuss these trends and recommendations;and reach out to global opinion leaders and influential organisations to highlightthe positive contributions of insurance to better understanding risks and to buildingresilient and prosperous economies and societies, and thus a more sustainable world. Photo credits:Cover page – AI-generatedSection 1 – Getty Images for Unsplash+Section 2 – metamorworks for ShutterstockSection 3 – AdobestockSection 4 – giggsy25 for ShutterstockSection 5 – AI-generatedSection 6 – Philip Oroni for Unsplash+ Suggested citation: Geneva Association. 2026.Strengthening Cyber Resilience Through Insurance.Authors: Darren Pain and Sasha Romanosky.March. © Geneva Association, 2026. All rights reserved.www.genevaassociation.org Contents Acknowledgements4 Foreword5 Executive summary6 1.Introduction8 1.1Cyber risks are a growing business concern101.2Many firms underinvest in cybersecurity111.3Insurance as a risk governance mechanism121.4Report structure14 2. Understandingcyberresilience15 2.1The resilience triangle172.2Beyond conventional risk management192.3The geometry of cyber resilience19 3. Theresilience-enhancingroleofinsurance22 3.1A complement to cybersecurity investment233.2Cyber insurance-as-a-service233.3A coordinating mechanism for resilience26 4.How effective is cyber insurance at improving cyber resilience? 28 4.1Insurers pay claims and influence insureds’ cybersecurity posture294.2Market realities may blunt its governance role34 5.Fostering increased take-up of cyber insurance39 5.1Raising awareness of cyber risks and the full benefits of coverage405.2Tailoring cover to meet policyholders’ needs415.3Simplifying policy language, underwriting and claims processes for SMEs435.4Aligning distribution with customer preferences and risk profiles435.5Partnering with digital infrastructure providers445.6Collaborating with government agencies455.7Exploring initiatives to promote systemwide resilience46 6.Concluding remarks48 References 51 ACKNOWLEDGEMENTS This report has benefited significantly from the input of the members and affiliates of the GenevaAssociation’s Cyber Working Group as well as external interlocutors who kindly agreed to share theirexpert insights. Special thanks go to: •Rishi Baviskar, Rachel Carter and Sabrina Sexton (Allianz Commercial)•Lori Bailey, David Schluger and Nick Steinmann (AXIS Capital)•Hélène Chauveau and Sophie Farhane (AXA)•Henry Skeoch, Wil Powell, Christian Taube and Michelle Waldron (Beazley)•Matt Prevost (Chubb)•Sezaneh Seymour and Daniel Woods (Coalition)•Jonas Schwade (Cysmo)•Kevin Sherry (DarkWeb IQ)•René Buff (Helvetia Insurance Company)•Martin Kreuzer and Franz Gromotka (Munich Re)•Tom Egglestone (Resilience)•Simon Parten (Schroders Capital)•Philipp Skucha (securance.de)•Colin Cowan (Standard Life Insurance)•Stefan Frei (Techzoom.net)•Andre Zapp (Toa Re)•David Pym (University College London)•Dingchen Ning (University of St. Gallen) The views and conclusions presented in the report are solely those of the authors. Foreword Cyber resilience is becoming a core requirement for organisations operating in anincreasingly digital and interconnected economy. Cyber incidents are no longerexceptional events; they are a persistent feature of the modern risk landscape. Thefinancial impact is rising sharply, with median annual losses from cyber incidentsincreasing roughly 15-fold over the past 15 years. Strengthening resilience – ensuringorganisations can prevent, absorb, and recover from cyber disruptions – has become anessential priority for firms, insurers, and policymakers alike. This report examines the growing urgency around cyber resilience, and the roleinsurance can play in strengthening it. Geopolitical tensions, the rapid adoption of cloudservices and artificial intelligence, expanding digital supply chains, and increasinglysophisticated threat actors are intensifying the risk environment. Yet many incidents stillstem from basic, preventable weaknesses such as phishing attacks, weak passwords,unpatched software, and misconfigured systems – highlighting persistent gaps in cyberhygiene and risk management. Preparation alone is not enough: organisations must also be ab