IT Companies

What must be considered when insuring IT operations?

Damage in the field of IT and telecommunications often leads to financial loss for the customer or another third party. Programming errors in merchandise management software, faulty implementation of software or security vulnerabilities in an IT system can cause financial losses that should not be underestimated in their amount. Therefore, pecuniary loss liability insurance is one of the most important components of IT liability insurance.

What cover can I offer my client?

Own damage insurance

pecuniary loss liability insurance

Public liability insurance

Product liability insurance

What can happen?

A possible damage scenario could play out as follows. During the implementation of software to control the inventory system of a large warehouse, data records from the old system were transferred incorrectly. Current adjustments of goods deliveries were not recorded at all. The actual flow of goods had to be determined manually at great expense. This resulted in a financial loss of around 95,000 euros.

What other safeguards play an important role for customers?

In IT companies, a lot happens on the World Wide Web. This means that even these companies can always be victims of a cyber attack. In addition to liability coverage, these companies should also be informed and covered against self-damage and business interruption as a result of a cyber attack.

Cyber risks - from digital worms, blockades and other unpleasantness...

What could happen to me? How high can the damage be? Companies still underestimate the so-called cyber risks. Data loss or hacker attacks, in particular, can lead to major financial damage for the company. The average costs of a German company after a data loss amount to about €4.8 million. In its report on the federal situation, the Federal Criminal Police Office published almost 65,000 cases in 2013 - and these are only the cases that were reported! It is not without reason that cyber risk ranked 5th in the TOP 10 dangers for companies in 2015.

For me as a medium-sized company, damage scenarios such as:

- Loss of 27,000 data records of Barclays Bank do not apply at all!

Besides, I have protection through my liability, property or fidelity insurance!

Again and again, one encounters these statements from the customer. Who can get their head around such an abstract topic?

Mostly only companies that have already been damaged or are active in the IT sector. The threat from the Internet is present for companies of all sectors and sizes. For hackers and data thieves DAX-listed companies in the telecommunications sector are just as much a target as medium-sized feedstuff animal feed manufacturer. With average costs of around 41,000 euros per attack caused, even medium-sized companies in Germany can quickly find themselves on the brink of their existence. To get a better idea of the danger, just take a look at the latest attacks.

Articles and background information on the various hacker attacks are provided by Spiegel-Online in the section net world.

For which customers would cyber coverage actually be interesting?

Even though it is a topic that everyone should deal with, it is recommended above all for Companies that:

• store, process or manage personal and confidential data
• depend on computer networks, digital information or the Internet
• conduct business online and sell goods or services over the Internet
• Publish information electronically

What sources of danger do I actually face as an entrepreneur? 

Every day, around 350,000 new variants of malware appear on the internet. To ensure that we have a common have a common level of knowledge, let us first take a closer look at six typical types of threats:

Trojans and worms

They are the classic among cyber pests: Viruses and Trojans nest themselves unnoticed in computers and steal personal data and/or infect e-mails. Every day there are hundreds of thousands of new versions of this malware, against which users could protect themselves with up-to-date anti-virus programmes. The problem is that half of all malware goes unnoticed.

Virus construction kits

Virus construction kits (exploit kits) are programmes that enable the development of individual malware and practically automate cyber attacks. practically automate cyber attacks. The programmes can initiate drive-by downloads and use a multitude of other other distribution channels to infect computers. A typical feature of virus construction kits is their ease of use, which makes them which makes them usable even for technical laymen.

Phishing 

Getting as much sensitive data as possible in a short time is also the aim of phishing. Fake mails contain links to online merchants, payment services, parcel services or social networks. There, the victims unsuspectingly disclose their personal data. Often, however, an unrecognised Trojan horse gets hold of the confidential information. confidential information.

Denial-of-service attacks

Denial-of-service attacks (attacks to block a service) aim to overload a web server or an internet service so that it cannot be used in the internet. Internet service so that it is no longer accessible on the Internet. In order to achieve this, mass masses of data packets are sent to the corresponding server. The attacks are becoming increasingly unpredictable and attacks are becoming increasingly unpredictable and efficient, because they target the most diverse points of the IT infrastructure. Denial-of-service attacks are sometimes used as a diversionary tactic to activate malware at the same time and, for example, to steal sensitive data or intellectual property. sensitive data or intellectual property.

Physical loss

Just as dangerous as attacks on IT systems is the loss of data media. Either notebooks, tablets or smartphones are stolen or their owners accidentally lose them. Especially when travelling, devices are often devices are lost and only some of them are recovered. Access to devices should be protected by strong passwords and sensitive and sensitive data should be encrypted. In addition, content can also be deleted remotely remotely, as long as the device is online. 

Data loss

The most important consequence of cyber attacks is the loss of sensitive data. No matter how the information is the consequences can be devastating. For example, credit card data can be misused, online banking transfers can be or the owner of the data can be blackmailed into publishing sensitive information. can be blackmailed.

Don't many individual insurance policies already provide cover?

The public liability insurance covers claims by an injured third party due to data loss, data alteration and data protection infringement. data breach, are covered. Some insurers also provide cover if the insured person infringes personal rights and rights to a name. personal rights and rights to a name.

In property and technical insurance, the costs of restoring data and operational programmes are usually reimbursed.

A fidelity policy usually covers IT forensics and recovery costs after a hacker attack. There is also cover on the market that pays for the costs of a security and PR consultant. Even money and assets in electronic form can be covered. 

The Kidnap & Ransom (K&R) covers pay for extortion and threats. Rewards for tips on how to catch the blackmailers are also included in the cover. 

But is that enough? We say no!

What about self-damage as a result of data recovery and loss of earnings, as well as costs for forensics, for safeguarding reputation and crisis communication?

Cyber policies are currently springing up like mushrooms, and the next product providers are already waiting in the wings with their are already waiting in the wings with their tariffs.

So what is of essential importance? What does cyber cover have to offer?

The complexity of cyber risks means that insurance cover must also be adapted to these challenges. to these challenges. In this context, two fundamental components of coverage are increasingly crystallising:

1. Liability

The following breaches of duty are relevant to cover: 

Data attack

Damage to third party systems or unauthorised access to a third party system through a cyber attack on a system of the insured company

Infringement of rights

Infringement or unlawful use of intellectual property by insured persons due to cyber activities of this.

Spying

Unauthorised access to sensitive personal data of third parties via an insured company's system. Prevented access Impairment or prevention of authorised access by customers to an insured company's system as a result of a cyber attack. as a result of a cyber attack on the insured company's systems.

Damage to reputation

Defamation, slander or any other form of defamation or disparagement of persons, products or services, or impairment of privacy. or services, or interference with the privacy of any person as a result of the cyber activities of an insured company. 2.

2. Own damage

Self-damage in connection with a hacker attack, DoS attack, computer misuse, theft of data carriers as well as any other breach of data rights is insured. This includes, for example:

Computer forensics specialists

IT forensic specialists support you in the forensic preservation of evidence. They carry out a forensic computer and data data media investigation. They use the latest hardware and software to track down perpetrators. They also detect possible security leaks and take measures to ensure data security.

Notification costs

If a company is spied on, the persons concerned must be notified. Account data, identification data or security codes must be changed. These costs are covered, and usually also the monitoring service of, for example, the affected account.

Credit protection and credit monitoring services

Whether due to office theft or cyber robbery: If credit cards are lost, this also entails consequential damage. consequential damage. This is because monitoring and protecting lost cards is an important and also costly side effect.

Restoring data and networks

This item covers costs associated with the restoration or repair of IT systems.

Reputational damage and crisis communication costs

Once your reputation is ruined, life becomes very complicated. This is not a proverb, but it is the reality. reality. If the good reputation of a company or a brand is seriously threatened, countermeasures must be taken. countermeasures must be initiated. The costs of advertising measures to maintain or regain the trust of customers after a loss are covered. regain the trust of customers after a loss. Reimbursement of crisis management costs is also included.

Cyber extortion

Extortion and ransomware have always been important parts of criminal activity. With today's, global internet economy, criminals have adapted their modus operandi and try to extort money with so-called "ransomware". Ransomware is the name given to malicious programs used by cyber criminals to extort money from their victims - either by encrypting data or by blocking the computer.

Cyber vandalism

The altering, damaging, deleting or destroying of data. This can be carried out by a targeted attack or by a Trojan-infected program.

Business interruption and consequential damage

Hackers block the homepage of a medium-sized online distributor. Nothing works any more! Due to the

The business interruption stops all orders and payments for several days. The consequences are noticeable drop in sales.