In the German industry, the market for cyber insurances is growing: every seventh industrial enterprise (14 percent) has already taken out insurance against digital industrial espionage, sabotage or data theft. Two years ago, it was only 11 percent. This is the result of a study by the digital association Bitkom, for which 503 managing directors and security officers across all industrial sectors were interviewed in a representative manner. Specifically, another 13 percent of industrial companies are planning to take out such insurance. Almost a third (30 percent) discuss such a project. For four out of ten companies (38 percent), a cyber policy is still not an issue. “Cyber insurance can be a useful addition to risk management, but it does not replace robust IT security,” says Susanne Dehmel, Member of the Bitkom management. “Only those who are well prepared for IT security can also be considered as policyholders.”
Large companies are more likely to insure against cyberattacks than SMEs
Especially large companies deal with cyber insurance. One third of companies with more than 500 employees (32 percent) have already insured against digital attacks. Nearly a quarter (23 percent) of medium-sized companies with between 100 and 499 employees and only one in 10 industrial enterprises (10 percent) are smaller, with 10 to 99 employees.
When it comes to assessing how cyber insurances have paid off, the industry is divided. For three out of ten (28 percent) businesses that have been hit by digital attacks in the last two years and have cyber insurance coverage, the policy has paid off. “Cyber attacks can hit anyone, no matter how well a company is protected,” said Dehmel. “Companies and insurers should clearly define
Cyber insurance can take over the costs of repairing IT systems or restoring data after attacks. As a rule, damage that occurs in the event of a business interruption is also covered. In addition to external attacks, operating errors by employees or technical faults are also covered, depending on the policy. Companies can also hedge against their own privacy violations.