The Belgian cyber insurance market is maturing. Stricter conditions are paying off: despite the increase in cybercrime, premiums are falling and the damage to victims remains increasingly limited.
In 81 percent of cases, the costs of a cyber incident in 2025 remained limited to a maximum of 20,000 euros. This is according to insurance specialist Vanbreda Risk & Benefits based on its own figures. These figures endorse a positive evolution for the insured: in 2024, the damage to 27 percent of the insured was still above 20,000 euros.
Falling premiums
Although cybercrime is increasing worldwide, insured Belgian companies are holding up well. In addition, insurance premiums are falling. Vanbreda sees two different causes for this. On the one hand, the quality of cyber security of insured parties has increased, and on the other hand, insurance policies come with a professional helpline that intervenes more quickly.
With regard to the quality of security, insurance companies are contributing by imposing increasingly high minimum requirements. Only those who have their security in order can also be insured against incidents.
Minimum requirements
Specifically, insurers require five things:
- MFA is mandatory
- Backups must be separate and quickly recoverable
- Endpoint security must be present on all devices (laptops, servers, mobile devices…)
- Companies must perform vulnerability management (via a password policy, the choice of service providers…)
- Awareness and testing is mandatory (training for phishing, pentests…)
Anyone who adheres to these rules can be insured. Companies that do not have their affairs in order are refused or pay a higher premium.
Limited damage due to rapid response
No cybersecurity strategy is watertight, so even organizations that adhere to best practices still experience breaches. The good basic security then ensures that incidents are handled quickly and at a relatively low cost.
read also
Focus on cloud, with love for in-house apps: the Director ICT of Vanbreda Risk Benefits talks
The helpline also plays a role in this. Because insured parties receive immediate assistance, the impact is further limited. After all, business downtime is one of the major cost items in a hack.
In nineteen percent of cases, the damage does amount to more than 20,000 euros and in three percent even to more than one million euros. That is one percent less than in 2024. The high costs can be explained by the long-term impact on business operations, but also by the payment of ransomware.
New players
With the mandatory minimum requirements and the manageable cost of most incidents, the cyber insurance market is clearly becoming more mature. New players are therefore joining the market. They profile themselves with sharper rates, which further contributes to the fall in premiums.
Vanbreda Risk & Benefits is now working with twenty insurers. Five years ago there were only ten. Vanbreda also notes that the total premium volume in 2025 has remained stable compared to 2024, with an amount of 17.1 million euros.
Cyber insurance is most common in industry, which accounts for eighteen percent of the insurance policies taken out. The impact of an attack that brings a factory to a standstill can therefore be enormous.
Dangerous dependence
Finally, Vanbreda Risk & Benefits warns against the growing dependence on a handful of suppliers. Organizations focus on their own security and that works, to some extent. The cause of incidents is therefore shifting more and more to suppliers.
When one popular supplier is affected, it has a broad impact. The insurer saw more of such incidents in 2025 and notes that companies have few to no alternatives for certain suppliers or platforms.
Insurance drives maturity
The figures come from Vanbreda itself. They provide a picture of the evolution of the impact of cyber threats on insured companies. Due to the high requirements for insurance, these are increasingly organizations with above-average maturity. Companies that do not have their security in order find little or no insurer. Moreover, the chance of a more significant financial impact is greater for them.