Cyber threats are constantly evolving and present complex challenges for companies worldwide. To counter these risks effectively, Munich Re relies on an open and cooperative risk dialogue with clients. This involves discussing the latest findings from ongoing threat analysis and jointly developing tailored strategies.

Vulnerable supply chains

Cyberattacks on suppliers or service providers can have far-reaching consequences that affect several companies simultaneously. It is therefore essential for risk managers to map the entire supply chain transparently and identify critical links at an early stage. Only in this way can targeted protective measures be developed and operational measures implemented throughout the entire chain. Comprehensive protection not only takes internal systems into account but also incorporates OT and IoT components from external partners and ensures that access rights and security requirements are consistently enforced.

Cyberattack paralyses European airports

An example of the risks posed by attacks on supply chains occurred in September 2025: Collins Aerospace, a provider of digital systems for check-in, boarding and baggage management, was the target of a large-scale cyberattack in which systems at several European airports, including Brussels, Berlin, Heathrow and Dublin, failed. This caused significant disruption to flight operations, affecting thousands of passengers. Many processes had to be handled manually and

At some locations, delays and restrictions persisted for several days.

This incident highlights the aviation industry’s growing vulnerability: between 2024 and 2025, the number of cyberattacks in this sector rose by 600 per cent. More than two-thirds of these attacks were based on the theft of login credentials or unauthorised access to critical systems. Due to its economic significance and complex digital infrastructure, the aviation sector is now considered one of the prime targets for cyberattacks.

For risk managers, comprehensive insight into the current threat landscape is essential. Even seemingly minor disruptions to digital services can lead to significant interruptions in data flow, delays, and financial and reputational damage. Growing digital complexity, particularly due to the simultaneous use of outdated Operational Technology (OT) systems and IoT systems, further increases the attack surface.

Against this backdrop, operational resilience is becoming increasingly important. Clear emergency protocols and regular drills are essential to ensure operational readiness even in crisis situations. Furthermore, a transparent overview of all service providers and software vendors is crucial, going beyond a mere focus on a single vulnerability. It is particularly important to identify critical parts of the supply chain at an early stage to avoid cascading damage that could affect multiple policyholders.

Risk management and insurance cover

The following questions should be raised in risk discussions with clients: Are the most important suppliers identified and subject to mandatory security audits? Are subsidiaries with increased risk appropriately considered?

Does the security architecture also include OT and IoT systems, and are these monitored by specialised Security Operations Centres? Are access rights consistently granted in accordance with the principle of least privilege, particularly for software integrated into the company’s own infrastructure via the supply chain? How quickly can the company resume operations in an emergency, and are there functioning backup solutions, including regular testing?

From an underwriting perspective, it is also crucial to regularly review the scope of insurance cover to ensure its adequacy and the level of the sum insured. Underwriting should be closely tailored to the individual cyber risk of the clients to be able to model realistic maximum loss scenarios. Risk-based pricing and comprehensive insurance cover, including for major losses, are essential. The cyber resilience of the insured companies should be considered appropriately.

Clients benefit from the in-depth analyses and practical recommendations of Munich Re’s cyber experts, which help them to identify cyber risks at an early stage, understand them better and manage them effectively. This ensures they remain capable of acting and protected, even in a dynamic environment.