The German Insurance Association (GDV) has observed a growing number of hacker attacks, often causing significant damage. Around 4,000 attacks, almost a fifth more than in 2022, were reported to insurers in 2023. Each claim costs an average of 45,370 euros, 8% more than in 2022.

„The IT threat situation in Germany has intensified once again,“ said GDV Managing Director Jörg Asmussen. For insurers, this means significantly higher cyber insurance business. At 180 million euros, this was 50% higher than in 2022, according to the association. However, the bottom line was that, as attacks increased, premium income was almost entirely eaten up.

Asmussen called on small and medium-sized companies to strengthen their cyber defences. Cyber insurance cannot replace a company's own IT defence shield. „Most companies can no longer do without functioning IT – IT systems should also be protected in line with their importance.", he said. Due to the increasing risk of cyber attacks, insurers are exercising more caution when writing new policies, and insisting on effective protective measures.

The CEO referred to a Forsa survey commissioned by GDV among 300 medium-sized companies, according to which 69% did not fulfil even the basic requirements of cyber prevention. According to the survey, IT security copies are stored incorrectly, and weak passwords are used. „If the most basic security standards are not met, insurance cover will also be difficult,“ Asmussen is quoted as saying in the report.

Meanwhile, strategy consultants Marsh McLennan and Zurich Insurance emphasised the importance of greater government involvement in the fight against cyber criminals, and protection against IT failures in a recently published joint report. They argue in favour of increased cooperation between the insurance industry and the public sector, including public-private partnerships, for a framework to be created for data exchange, and for innovations to develop the cyber insurance market further.

Like the GDV, Marsh McLennan and Zurich also complain that SMEs in particular are often not insured, or only insufficiently insured. Cyber threats are developing so rapidly that traditional insurance and risk management solutions are „no longer sufficient to fully cover them“. Although the cyber insurance market has been experiencing rapid growth for years, and gross written premiums worldwide are expected to double to 29 billion dollars between 2023 and 2027, Marsh and Zurich warn that there is still a protection gap for cyber risks.

In the context of extreme cyberattacks, for example on critical infrastructure, there are limits to the amount of financial losses that the reinsurance/insurance industry can absorb, the report states. While the cost of cybercrime in 2022 was 8.5 billion dollars worldwide, it is forecast to almost triple to 24 billion dollars by 2027. Cyber incidents that are not attributable to malicious actors are not yet included in this figure.

As digital networking increases, even individual sources of error can have far-reaching consequences, the report states. The best example was a faulty update from the US IT security service provider Crowdstrike, which led to Windows system failures worldwide on 19 July.

According to Zurich CEO Mario Greco, strong public-private partnerships are needed to increase protection against outages and attacks. „We must recognise that large-scale catastrophic cyber events pose significant accumulation risks that cannot be borne by the private sector alone," he said.