Companies Insure Against Cyberattacks
Research
15.05.2025
Representative ZEW Survey About Cybersecurity
Companies in Germany are increasingly taking out cyber insurance to protect themselves against potential damages caused by cybercrime. This is a finding of a recent representative survey conducted by ZEW Mannheim from mid-March to mid-April 2025. Around 1,200 Germany-based companies in the information economy and manufacturing sector participated in the survey.
“Almost one in two companies in the sectors we surveyed has cyber insurance to protect against cyberattacks and the damage they may cause. Nevertheless, the prevalence of such insurance varies significantly depending on the industry and the company size,” explains Dr. Daniel Erdsiek, head of the survey and researcher in ZEW’s “Digital Economy” Research Unit. In the event of an incident, cyber insurance can cover internal and third-party damage and provide support from IT specialists, lawyers and PR experts.
Larger companies more likely to be insured
The number of cyberattacks faced by businesses has been rising steadily for years. The trend is driven by various factors. For instance, geopolitical tensions have led to state-sponsored cyberattacks; more sophisticated technologies have become accessible to criminal actors; and the rise of flexible working arrangements, such as remote working, has created new vulnerabilities.
In the information economy, around half of the companies have taken out a cyber insurance. The uptake of such insurance increases with company size. “Around two-thirds of large businesses – with at least 100 employees – have cyber insurance. Among medium-sized enterprises (20 to 99 employees) the figure stands at 59 per cent, while only 46 per cent of small enterprises are insured,” explains Dr. Thomas Niebel, also a researcher in the “Digital Economy” unit and co-author of the study. The higher rate among larger companies can be explained by their greater exposure to cyberattacks. Across all company sizes, around one in five businesses is planning to take out cyber insurance in the future.
Highest uptake in the chemical and pharmaceutical industries
Compared with the information economy, the uptake of cyber insurance in the manufacturing sector depends even more on company size. Only around one third of small enterprises (5 to 19 employees) currently have an insurance. This percentage rises to 47 per cent among medium-sized enterprises and to 64 per cent for large businesses.
“In addition to company size, the industry affiliation also plays a key role in the prevalence of cyber insurance,” Niebel says. “Uptake is especially high in the chemical and pharmaceutical industries, where 58 per cent of companies are insured. This might be due to specific security requirements and particularly high financial losses in the event of IT system failures”. Among the knowledge-intensive service providers and companies in the mechanical engineering and vehicle manufacturing industries as well as in the ICT sector, around half are covered by cyber insurance. By a clear margin, cyber insurance is least common among media service providers, with only 26 per cent having coverage.
Prevention remains important
Prevention remains essential, Erdsiek explains. “Companies can protect themselves against cyberattacks through targeted measures. These include technical security tools such as firewalls and anti-virus software, as well as regular data backups and staff training to raise awareness of security behaviour. Cyber insurance can therefore only complement processes in place for the protection against cybercrime and similar risks by supporting companies in the event of actual damage with the agreed services.
About the survey
ZEW Mannheim surveyed around 1,200 companies in Germany from mid-March until mid-April 2025. The participants are companies from the manufacturing industry and the information economy, which comprises information and communication technologies (ICT), media service providers and knowledge-intensive service providers such as architectural and engineering firms.
