Insurers must make their cyber cover value propositions “more transparent, consistent and demonstrably impactful”, the Geneva Association says.

Cyber insurance encourages stronger prevention practices alongside financial protection, the think tank says in a new report.

But protection gaps exist because many SMEs are “uncertain whether the cost of cyber coverage justifies the perceived benefits, especially in a market characterised by technical policy language and complex underwriting and claims processes”.

Businesses find it hard to clearly attribute improvements in cyber hygiene to insurance-driven interventions rather than other internal initiatives, even though the two should “work as complements”.

To support wider adoption, insurers can increase awareness of cyber vulnerabilities, develop flexible and digitally accessible products, and partner with security providers, the association says.

The report notes cyber cover occupies a “distinct and increasingly influential” position in promoting resilience, and its value “extends beyond the traditional function of indemnifying financial losses after an incident”.

Policies often incorporate security assessments, employee training and vulnerability monitoring, plus post-event co-ordination and forensic support.

However, the “governance role” cyber insurance can play in affecting behaviour is “currently constrained” as many policyholders underuse pre-incident services, either from a lack of awareness, concerns about disruption or fears sharing information may affect pricing or coverage.

Insurers must “redouble their efforts to demonstrate the value of the cybersecurity services they provide, while fostering clearer communication and more predictable coverage”.

The report adds: “Real progress requires active collaboration among insurers, governments, cybersecurity service providers, cloud and software vendors, and critical infrastructure operators.

“These actors must work together to standardise baseline security expectations, improve threat intelligence sharing, and strengthen the reliability and usability of defensive tools.”

The association says one company’s weaknesses can expose others to harm, and cyber insurance has a unique opportunity to serve as a co-ordinating mechanism.

“By rewarding robust security practices and discouraging poor ones, insurers can help align individual incentives and promote collective cyber health.”