When it comes to this topic, many readers ask themselves which insurance product should be used, how and when. Does a combination or a respective individual division make more sense and what are the differences? Do both insurances have the same status as fire insurance these days? Question after question, but one thing is certain: cyber damage now occurs more frequently than fire damage.
The following types of products are available on the market:
• Queen Cybercrimeversicherung
• Cybercrime insurance with included VSH coverage
• Cybercrime with liability and VSH inclusion and BU component
• Fidelity insurance with a cyber module or VSH alone.
As can be seen from the list of these product variants, these products are related and overlap in many points.
What are the characteristics of cyber insurance?
According to the definition, this is primarily a liability insurance with assistance services after a cyber attack. The consequences of a cyber attack including the restoration of the IT infrastructure are insured. A hotline and immediate advice in the event of damage are usually standard with these products. This also includes the BU insurance, which replaces the loss of contribution margins in the event of damage. There are industries or small companies such as B. hairdressers or butchers, where a hacker attack is less likely to result in business interruption damage (e.g. cash register system of a hairdresser or butcher), so that the BU component plays a subordinate role here. Covered are z. B. indirect and direct hacking damage. The larger the company or the more IT control is used, the more important the BU component becomes in cyber insurance. However, the obligations and other regulations for securing data and the IT infrastructure are decisive. Often, however, the policyholder has no influence on the servicing and regular updates, so that a rejection in the event of damage can occur very quickly. For example, the customer can hardly influence whether the firewall had the latest version installed at the time of the damage or not, especially if this service is outsourced. If we go deeper into this example: The maintenance of a firewall was outsourced, the service provider failed to install the latest version of the firmware (operating software for the firewall), which resulted in a hacker attack being successful. The resulting damage was not taken over by the cyber insurance company because there was a breach of obligations, the damage was ultimately taken over by the fidelity insurance and the attempt by the fidelity insurance to recourse against the software service provider was thwarted by the terms and conditions of the software service provider. Some insurers have formulated obligations here, which you should pay particular attention to. Also, no damage caused by “theft of money”, e.g. B. by hacking telebanking systems or intercepting access data using SMS or other transmission methods.
Another example: The inputs and screen activities of the bank program were monitored or transmitted and controlled in a company for seven months through an infiltrated software. On the day of the transfer of salaries and special payments, the “perpetrator” intervened in the transfer process. The same amount that made up salaries and special payments was illegally transferred to an account in another country, the damage was caused on a Friday lunchtime and if it was discovered on Monday the transfer could no longer be reversed. Cybercrime insurance paid for the immediate measures from the assistance services. In this case, the fidelity insurance has reimbursed EUR 380,000 as a replacement for the stolen money.
Read more in the current risControl Print issue: https://issuu.com/riscontrol/docs/riscontrol_2021_02_web
—
