Cyber attacks are very diverse; both the perpetrator, the method, the target and the impact can be very different. Web servers can be hacked for intelligence purposes, or IT systems can get infected with viruses with the intention to control complete systems. Also, production control software can be manipulated which can cause business interruption. However, often it is not at all clear who the perpetrator is, and what his motives are. Apart from the diversity of cyber risk, it is the human factor playing an important role here because cybercriminals are keen on abusing human weaknesses through phishing or social engineering. This makes it difficult to control the risk which is why insurance can be a good solution.