Protection against attacks: every second ICT company has cyber insurance

Just under half of ICT companies in Germany have cyber insurance to cover digital attacks and the resulting damage. This is according to an industry report by the Leibniz Centre for European Economic Research (ZEW). Such insurance policies come into effect when preventative security measures such as employee training, firewalls and virus protection programs fail. However, more than a third of ICT companies do not have this type of insurance, while 15 percent plan to take out such a policy. The distribution across the entire information economy in Germany is similar, but also depends on the size of the company.

iX-Workshop: Efficient IT security for small and medium-sized enterprises

If you act now, you will create a stable basis and be well prepared both against attacks and when new regulations are introduced. This workshop provides sensible approaches for cost-effective protection that SMEs can use to improve their IT security regardless of NIS 2 & Co. and gives an overview of methods and best practices that have been used successfully and cost-effectively in SMEs for many years. With this information, participants will be able to design a sensible cyber security strategy for their company.

Registration and dates at heise.de/s/L1PPw

Large companies more often insured against cyberattacks

Around 46% of companies with between 5 and 19 employees are insured against cyberattacks. For companies with 20 to 99 employees, the proportion with cyber insurance is 59%, and for companies with 100 or more employees, it is around a third. Regardless of the number of employees, around one in five companies is considering taking out such insurance. According to the report, the higher proportion of insured people at larger companies seems plausible, as they are more often a target for cyber criminals. The authors also identify an increased threat situation, for example due to geopolitical conflicts, state-supported cyberattacks and working from home, as additional gateways.

Industry affiliation also has an impact on the proportion of insured companies. At around 58%, it is highest in the chemical and pharmaceutical industry. The authors of the study see the industry's particular need for security and high financial losses in the event of IT system failure as possible causes. However, around half of knowledge-intensive service providers and industrial companies, for example in mechanical engineering and vehicle construction, are insured against cyberattacks. Media service providers have the lowest proportion, with only around a quarter of them having cyber insurance.

According to a joint study by Verfassungsschutz and Bitkom, German companies recorded economic losses of 267 billion euros in 2024 as a result of cyberattacks. Around two thirds of this can be attributed to criminal organizations. The most common causes of damage are ransomware, phishing attacks and attacks on passwords. Furthermore, around three quarters of companies were affected by digital espionage in which business data was accessed, including customer data, passwords, or their research results.

(sfe)