Cyber risk dominates
32% selected cyber risk – data breaches, criminal threats and widespread outages – as their top risk concern, up from 30% in 2025.
Cyber risk is now the number one threat concern for the German executives we surveyed. What was once seen as an IT problem has become a serious business risk, with the potential to disrupt operations, damage reputations and spread across supply chains with lasting impact.
Our tracking of German-based executives shows strong concern about cyber risk, but also high confidence in existing resilience measures. Many believe they would recover fully - financially and reputationally - after a cyber incident. In reality, this confidence is likely to be misplaced.
Cyber criminals are increasingly using AI driven tools to run fast, large-scale phishing and reconnaissance attacks. These automated systems exploit the connected nature of modern technology, making attacks quicker and harder to detect or contain. As a result, cyber threats are escalating across organisations, regardless of their size or sector, with less warning and greater consequences.
Resilience today must be built into everyday business planning, not treated as a one-off exercise. Organisations need clear, well tested business continuity plans that allow them to respond quickly and effectively to cyber incidents.
Planning should also consider the real cost of an attack. This includes understanding how much financial impact the business can absorb, what cyber insurance is in place, where cover may be limited, and where controls or processes have gaps. Without this clarity, recovery will be slower, more expensive and more disruptive.
Source: Beazley Risk & Resilience Surveys.
Concern about cyber risk continues to rise year on year, reflecting a global trend and escalating threat exposure. Intellectual property risk is also increasing. By contrast, worries over legacy technology are declining, while technology disruption risk remains stable. Overall, 2026 shows a clear shift toward cyber and intellectual property risks.
Perceived preparedness has fallen across all risks in 2026, reversing last year’s high levels of confidence. The sharpest decline is in cyber and intellectual property resilience, mirroring rising concern as these risks become harder to manage. By contrast, confidence in disruption and legacy technology remains stable, which fits with the lower or unchanged risk perceptions German-based executives have of these threats.
Resilience investments prioritise cyber security and AI, reflecting escalating digital risk and automation opportunities. Significant focus on risk management and loss prevention highlights operational resilience. Exploring insurance paired with risk and crisis services suggests demand for integrated protection, preparedness, and faster recovery from systemic disruptions globally.
Source: Beazley Risk & Resilience surveys.
Risk concern varies by company size. Large organisations express higher concern overall, particularly for cyber and IP risk, reflecting greater exposure and organisational complexity. Smaller organisations report lower concern across most risks, except technology obsolescence, where elevated anxiety for large firms highlights the risks of running legacy systems and the capital resources required to upgrade them.
Large German firms show greater concern about cyber risk, reflecting their wider digital footprints and higher attractiveness to attackers. Smaller firms appear to be more concerned about disruption risk, as they are likely to have less capacity to absorb tech related shocks. Views on intellectual property risk are converging, and declining concern over technology obsolescence suggests modernisation progress is being made across all sizes of organisations.
Large German firms appear more concerned about the long-term profit impact of cyber incidents, third-party liability, and management time, reflecting greater scale, complexity, and legal exposure. Data loss and regulatory risk are equally weighted across all firms. Whereas, reputational damage is a higher concern for smaller businesses, where trust erosion can be more damaging than for diversified large organisations.
Cyber risk concern and perceived preparedness vary markedly by sector, exposing clear resilience gaps. Energy and Utilities show the highest concern but only moderate readiness, suggesting elevated exposure. Financial Institutions and Professional Services organisations and Tech sector firms pair high concern with strong preparedness. By contrast, the public sector shows very low concern and very high confidence, while Healthcare and Life Sciences stand out for comparatively low preparedness despite rising cyber threats.
Resilience investment priorities vary significantly by sector. Financial Institutions and Professional Services lead cyber security investment, while Energy, Utilities and Transportation emphasise AI adoption. Real Estate shows consistently high intent across actions. Hospitality lags on all measures, indicating lower resilience readiness. Public Sector and Technology organisations appear to be planning more balanced, multi-pronged resilience strategies overall.