Companies can be exposed to damages of many millions and considerable reputational damage if Internet criminals steal data, infect networks with malware or cause servers to crash with denial-of-service attacks. Hardly a week goes by without a report in the media about cyber-attacks. Many of these incidents, like the attack on Sony, are only partly insured because “state-sponsored attacks” (e.g. attacks by secret service operatives) are excluded. Once again, in this relatively new area of insurance it is important to take a detailed look at the relevant insurance conditions.
What is insured?
Companies can arrange comprehensive protection from dangers from the internet. An all-risk policy covers a wide variety of first party and third party damages sustained by companies as victims of Internet criminality (hacking attacks and data loss) or for which they can be held liable by their clients.
- Loss of confidential data
- Additional costs incurred due to IT failure or misuse of the telephone system
- Operational disruption costs, i.e. ongoing costs and loss of revenue.
- Crisis management and PR costs
- Costs / compensation for extortion
Third party damages
- Due to financial losses, e.g. caused by
- Breach of the German Data Protection Act
- Loss of data confidentiality
- Breach of personal rights
- Breach of Copyright
- Transmission of viruses
- Delay in providing Service
- Compensation due to non-fulfilment
- Contractual penalties/fines
Who provides the insurance?
All market participants recognise enormous potential for growth, although the market is still in its infancy and the number of policies concluded in Germany so far is quite modest. At present about 15 insurers provide cyber insurance. The level of cover still varies greatly. In some cases, “modular” solutions are possible, so that only certain risk areas are insured.