
Munich Re estimates global cyber premiums at approximately $14 bn and expects the cyber insurance market to reach a size of around $29 bn by 2027. Given the continuing trend of more frequent and severe cyber-attacks, the survey indicates that the protection gap is still disproportionately huge.
Munich Re’s survey aim to better understand the challenges the global economy faces when it comes to cyber preparedness and the requirements for appropriate cyber insurance solutions. Global Cyber Risk Insurance report included over 7,500 participants from 15 countries, covering all industries and company sizes.
87% of all C-Level respondents report that their company is not adequately protected against cyber-attacks
Key topics covered included risk awareness, the role of cyber insurance with its cover elements and services as well as threat exposure for both companies and private individuals.
Alongside these developments, vulnerabilities, security gaps and cyber-attacks continue to increase, and our data shows on a global scale, attacks such as ran-somware and data theft have picked up.
Despite a high level of concern, uncer-tainty around protection is high as 87% of surveyed representatives say their own organization is not adequately protected against digital threats. Surprisin-gly this, already high proportion, has actually increased compared to the survey results (83%).
Everyone believes in digitalisation
Digitalisation is rapidly advancing across various business sectors, with nearly all surveyed companies focusing on innovative AI-technologies, cloud services, and data analytics.
These technologies are viewed as highly relevant for the near future by the vast majority of businesses, with only 2% of C-Level executives deeming them irrelevant, a significant drop from 12% in 2022. This shift underscores a growing reliance on advanced technologies.

However, while awareness of risk management measures has increased, it has yet to result in widespread action.
On a positive note, 41% of decision-makers are now considering cyber insurance as a critical component of their risk management strategies. This interest spans multiple sectors, highlighting the universal concern over cyber risks.
Munich Re believes that the insurance industry represents a substantial part of the solution when it comes to cyber risks management, which is why we continue to actively advocate for efforts that help close the large gap between insured losses and economic losses in the field.
Respondents suggest that insurance providers need to enhance transparency, simplify conditions, and make products easier to evaluate. Effective risk management remains essential for cyber insurance and resilience. The ongoing digital transformation is bringing increased complexity, impacting even those not fully prepared.
Cyber risk awareness
According to the survey results, awareness of cyber risks varies considerably across the globe: Respondents from North American and Northern European as well as Australian and some Asian markets are quite concerned about a potential cyber-attack.
Southern European, Latin American, African, and Indian C-Level respondents are highly concerned. The most concerned market in the previous survey wave, India, was superseded by Spain, where 90% of C-Level respondents were concerned or extremely concerned about a cyber-attack.
Spain leads the list of concerned C-level executives with 90%, followed closely by India at 88%, South Africa at 86%, and Brazil at 84%.
This reflects a high level of anxiety regarding cyber threats in these regions. Conversely, Northern Europe, particularly Sweden, shows a markedly different attitude (see how Generative AI Change the Cyber Insurance). Only 35% of Swedish C-level executives express concern or extreme concern about potential cyber-attacks, indicating a more relaxed approach compared to other regions.
Potential cyberattack

The following world map illustrates the varying levels of concern among C-level executives about potential cyber-attacks on their companies:
- Spain: 90%
- India: 88%
- South Africa: 86%
- Brazil: 84%
- Sweden: 35%
This data highlights the geographical disparities in cyber threat perception among top executives globally.
On a global average, 72% of C-Level respondents are concerned or extremely concerned. Regarding the company split according to annual revenue the highest level of concern can be constituted for the segment of $200 mn up to 1 bn.
According to Munich Re’s Personal Cyber Insurance survey, only 10% of respondents stated they did not need any precautionary services, and only 12% said they did not require assistive services in the event of a cyberattack.
Frequency and Footprint Impacts
The frequency and scope of cyber events are influenced at both pre-intrusion and post-intrusion stages of the kill chain. Research shows AI’s ability to enhance threat actors’ speed and capabilities, increasing the likelihood of large-scale attacks.
Large language models (LLMs) enable higher-quality, scalable social engineering, including phishing and deep fakes. They also allow quicker vulnerability identification, potentially expanding the initial attack footprint.
These capabilities could accelerate attack escalation, raising global cyber event frequency through smaller incidents reaching material thresholds. Existing material events may also impact more companies due to AI-driven expansion of attack footprints.
The status of the economy’s cyber threat defense
On average, 87% of all C-Level respondents surveyed worldwide report that their company is not adequately protected. Given the risk landscape and the frequency and severity of cyber incidents, this self- assessment of C-level participants is thought-provoking ).
The percentage of those who see their organisation as not adequately protected against cyber-attacks ranged from 80% (Italy) to 95% (China and Germany) and has increased almost across the board since the last survey.
Cyber threat defense

The human factor still plays the most important role in the eyes of the respon-dents when it comes to cyber protection and preparedness: unwary employees and too few or inadequately trained staff are the two top reasons, followed by poor integration of security solutions and lack of collaboration between depart-ments. In comparison to our 2022 survey, this sequence remained identical.
FAQ
Despite the rising frequency and severity of cyber-attacks, 87% of C-Level executives worldwide say their organizations are not adequately protected against digital threats—an increase from 83% in the previous survey. This suggests a widening protection gap between awareness and actual preparedness, especially among mid-sized to large enterprises.
Levels of concern differ significantly by region. Spain (90%), India (88%), South Africa (86%), and Brazil (84%) reported the highest anxiety about cyber-attacks among C-Level executives. In contrast, Sweden stands out with only 35% expressing serious concern. The global average is 72%, revealing substantial geographical disparities in cyber risk perception.
According to respondents, the top reasons for inadequate cyber protection are:
Untrained or unaware employees
Shortage of qualified cybersecurity staff
Poor integration of security solutions
Lack of cross-departmental collaboration
These findings reaffirm that human factors remain the most critical vulnerability in cybersecurity strategies.
Yes. While action still lags behind awareness, 41% of decision-makers now view cyber insurance as a key component of their risk management strategy. This reflects growing recognition of insurance not just as a financial buffer, but also as a partner in incident response, prevention services, and risk advisory.
Executives expect insurers to:
Simplify policy terms and exclusions
Increase transparency in coverage
Provide clearer risk scoring and threat intelligence
Munich Re stresses that closing the protection gap requires insurers to adapt products and services to today’s cyber risk reality—especially as digitalization accelerates and threat complexity rises with AI and other emerging technologies.
