In this guest article, cyber insurance expert Bernd Eriksen argues that a company that follows the security requirements of cyber insurers can still cover its cyber risk.
As recently as 2019, the point of having cyber insurance was often questioned, especially for mid-sized businesses. Today, after many waves of cyber attacks, it has been recognized that even modern IT security does not offer adequate protection against cyber attacks. Because of phishing, employees, and not just the IT infrastructure, are often the first point of entry for attacks. In short: the risk of attack cannot be completely controlled. This makes it clear that the required balance-sheet protection is provided only by cyber insurance. It absorbs the immense costs resulting from a cyber attack.
IT Threat Status Quo: Rising Damage Costs Challenge Businesses
The threat landscape has been changing for some time. Ransomware attacks remain the dominant threat. However, in line with the global trend, a look at developments in Germany reveals that in 2021, according to the Sophos Ransomware Report 2021, “only” 45 percent of all companies fell victim to such an attack. In 2020 it was still 57 percent. As the downward trend in the number of cases shows, the massive improvement in IT security in recent years is definitely having an effect.
At the same time, however, according to reports from Sophos, the average damage costs for companies in Germany that have been victims of an attack have risen sharply: from an average of 0.47 million euros to 1.1 million euros between 2020 and 2021. This shows that cybercriminals are becoming more targeted and professional in their work.
This development has not gone unnoticed by cyber insurers either, mainly because they have to pay ever-increasing losses due to the rapid expansion of cyber insurance. For businesses that do not yet have a cyber policy, the more stringent requirements imposed in recent months have made it considerably harder even to obtain the desired insurance coverage.
Companies with high turnover do not use standardized insurance models
In many cases, when bids are obtained, it quickly becomes apparent that the insurers concerned consider the risk information presented to be inadequate and decline to make an offer. In view of the many pitfalls, in practice it is only possible to obtain coverage that matches the company's interests, especially for companies with a turnover of more than 100 million euros, with the advice of an insurance broker who specializes in cyber policies and has experience in the field of information technology security.
When preparing to obtain an offer, it is crucial to clarify what minimum requirements the insurer imposes in terms of IT security. Above a turnover of 100 million euros, the complexity of the requirements and the degree of compliance demanded increase by leaps and bounds. According to the current state of affairs, employee awareness training, meticulous patch management, a working backup system, comprehensive multi-factor authentication, a consistent administration concept and proven crisis management plans are in any case necessary and must be tested consistently throughout the entire group of companies.
The requirements of different insurers differ and often include additional criteria. However, if a company accepts the cyber insurers' requirements profile and aligns itself with their security specifications, it is still possible in the current insurance market to obtain valuable protection against cyber risk, tailored to the needs of the insured group of companies and with sufficient coverage.
Bernd Eriksen has been in charge of the Professional Lines unit at SÜDVERS since 2013 and in this role is responsible for the sales and support of cyber protection, D&O and criminal law insurance throughout Germany.