While the attacks before the corona pandemic were primarily concentrated directly on the internal IT systems at the company headquarters, more and more users in the home office are now being targeted by the attackers. The risk is getting bigger and applicants now usually have to use many different IT security technologies – including the use of the insurance company. A response plan in the event of a security breach – prove it within your own ranks. One of the requirements is the implementation of multifactor authentication (MFA). Without this provision, there is usually no insurance coverage.
Ransomware as the main reason for taking out cyber insurance
Ransomware is becoming more and more common, is consistently evolving and has long been no longer just targeting computers. In addition, smartphones, televisions and other devices on the network are also hardly safe from this type of malware, which encrypts data and only releases it again after paying a ransom in cryptocurrency. In view of the high ransom fees demanded by cybercriminals, insurance policies especially for ransomware should actually have long been part of the security concept of every company.
The increasing demand for relevant protection has recently been a recurring topic of international specialist conferences. The situation of a successful ransomware attack was compared with that of a real kidnapping case. The idea behind it: if there are insurance companies that step in as soon as it comes to a ransom payment for the safe release of a kidnapped person, this could also apply to ransomware. This would not only protect victims from losing access to valuable data, but also give the insurance sector the opportunity to further diversify its offer by the dedicated extension to the IT sector.
Although there are currently some insurance companies that cover the costs associated with certain cyber attacks, there is still a lot of room for improvement with regard to an adequate definition of the content. In general, such cyber insurances cover damages from third parties (which is very useful when a cyber attack on a company affects its customers). Sometimes they also pay for direct losses, focusing on specific follow-up costs of an attack. Depending on the insurance, this includes, for example, the recovery of data, the replacement of hardware / software or the commissioning of forensic investigators, external lawyers and communication consultants.
–