4 out of 5 Danish companies lack cyber insurance
According to Topdanmark, 80% of Danish companies have no cyber insurance. At the same time, a cyber attack costs Danish businesses at least DKK 200,000 per day in downtime – and the average handling time is 300 days. That can add up to tens of millions for a single incident.
Cyber insurance is not a luxury. It is the difference between surviving an attack and risking bankruptcy. 60% of small and medium-sized companies hit by a data breach close within six months.
What does cyber insurance cover?
Immediate crisis support (24/7):
- IT forensics – experts who identify the attack and stop it spreading
- Legal advice – GDPR notification to the Data Protection Agency and affected individuals
- PR assistance – communication to customers, media and stakeholders
- Business interruption during downtime – the lost revenue while systems are down
- System recovery – reconstruction of IT systems, networks, software and data
- Ransomware handling – negotiation and incident response (not all policies cover the ransom itself)
- Third-party liability – compensation claims from customers and partners if their data is compromised
- War and state-sponsored cyber attacks (war exclusion)
- Known vulnerabilities you have not patched
- Deliberate fraud by employees
- Bodily injury or physical property damage
What do insurers require from you?
Insurers have become significantly stricter. You can no longer just tick boxes – they require documentation and evidence:
- Multi-factor authentication (MFA) – on all admin and privileged accounts. 80% of insurers require it
- Endpoint Detection and Response (EDR) – on all endpoints
- Immutable backups – daily validation and documented recovery capability
- Firewall and antivirus – suitable for commercial use
- Encrypted mobile devices
- Documented incident response plan
- Regular awareness training – with evidence of phishing tests
What does it cost – and what do you get?
The market is shifting. Premiums are expected to fall approximately 10% in 2025 due to increased competition. Coalition has just entered the Nordic market, covering companies with turnover up to DKK 7.5 billion.
- Coverage limits: From DKK 1 to 50 million at Tryg (higher on request)
- Premium levels: Vary with turnover, industry and security level
- Most importantly: Companies with documented high security get significantly better rates
NIS2 makes cyber insurance even more important
With the NIS2 directive (entered into force 1 July 2025), cybersecurity is now a management responsibility. Fines of up to EUR 10 million or 2% of global turnover make it costly to ignore. Cyber insurance covers both incident costs and regulatory fines – and companies with documented NIS2 compliance achieve better insurance terms.
What you should do
- Assess your security level – do you meet the minimum requirements from insurers?
- Get quotes – the market is competitive and prices are falling
- Document your security – MFA, backup, EDR and awareness training lead to better terms
- Coordinate with NIS2 – compliance gives a double benefit: lower fine risk and better insurance pricing
- Use an independent broker – we compare terms across the market and ensure the right coverage
