Globally, 9 out of 10 C-level managers consider their own companies to be inadequately protected against cyber risks and are concerned about the threat of attacks. The respondents to Munich Re's Cyber Risk and Insurance Survey 2026 confirm a growing awareness of risk, which is justified given the increasing cyber threat posed by attacks and vulnerabilities. Of particular significance is the fact that cyber attackers are increasingly targeting the entire supply chain and launching automated attacks on large numbers of targets. As a result, small and medium-sized enterprises (SMEs) are also becoming a greater focus for criminals. However, the coverage gap for SMEs remains alarmingly large. Closing this gap requires even closer collaboration between primary insurers and reinsurers.

When large organisations fall victim to cyberattacks, the consequences often cascade through their supply chains. Business interruptions and financial losses can quickly spread to smaller suppliers and service providers, and can even lead to insolvencies.

SMEs are often particularly vulnerable. Compared to larger companies, they typically have fewer resources available for preventive measures, employee training or robust IT security infrastructures. When an attack occurs, restoring systems, resuming operations and recovering from financial damage can quickly become overwhelming challenges, which can take on existential dimensions.

At the same time, a significant proportion of cyber risks, particularly within the SME sector, remain uninsured in Europe. Many smaller companies either lack access to suitable insurance solutions or underestimate the importance of comprehensive cyber risk management.

In order for that growing risk awareness among SME managers to translate into more effective protection, insurers are called into action: Cyber insurance products should be designed to be easy for both policyholders and distribution partners to understand. The purchasing process should be straightforward and transparent, with policies aligned to the real needs of businesses.

At its core, the challenge lies in reducing complexity while strengthening cooperation between all stakeholders. It is essential to close the insurance protection gap with currently uninsured or underinsured companies, particularly in the face of rapidly evolving cyber threats driven by increasingly aggressive cybercriminals, new technologies and geopolitical tensions.

The situation of most SMEs differs significantly from that of large corporations. Many mid-sized companies rely heavily on consistent operational capacity because they have limited resources. Production interruptions can be hard to recover from. Skilled labour is often scarce yet critical for business success, while IT-security and regulatory requirements are often seen as an additional burden.

A lean, needs-based cyber insurance solution enables as a final building block a robust security architecture. Effective cyber risk management involves reducing avoidable risks, monitoring potential threats and strengthening prevention and response capabilities, often with external support, as well as transferring unavoidable residual risks through insurance.

Cyber insurance policies typically cover both first-party losses and third-party liability when organisations fall victim to malware, data breaches or hacking attacks. This includes financial losses resulting from business interruption, as well as the cost of restoring IT systems and recovering data.

In many cases, coverage also extends to services such as IT forensics, legal assistance and crisis management support. From a corporate perspective, it is crucial to address all material risks. Transparency and cooperation between insurers and policyholders are therefore fundamental.

As one of the leading players in the market, Munich Re has continuously invested in cyber risk expertise for more than 15 years. Data analytics, accumulation modelling and partnerships with technology companies are key to expanding the cyber insurance market and enabling effective collaboration between primary insurers and reinsurers.

The shared objective is to develop this complex line of business sustainably while strengthening the cyber resilience of companies and organisations.

From Munich Re’s perspective, reinsurance contributions are based on three core pillars:

The further development of the cyber insurance market is a task that requires the collaboration of all industry participants. The goal is to strengthen the resilience of insured organisations while increasing market penetration. Primary insurers value reinsurers as stable partners, offering reliable capacity and extensive expertise in areas such as product development, underwriting, and contract design. At the same time, reinsurers value the market knowledge, clients proximity, and sales power of primary insurers.

Europe is already the second-largest cyber insurance market in the world after North America, with premiums exceeding $3.5 billion. There is significant potential for both insurers and companies seeking protection against the financial consequences of cyber incidents.