What to take into account when taking out cyber insurance

Companies are exposed to numerous risks in the online and IT area. Cyber insurance can help mitigate this. Marcus Beckmann from Beckmann und Norda Rechtsanwälte explains what to watch out for.

The subject of cyber insurance is extremely complex and there are a number of things to consider. INTERNET WORLD spoke to Marcus Beckmann of Beckmann und Norda Rechtsanwälte in Bielefeld. He advises companies in the areas of computer law and commercial legal protection, among others.

Mr. Beckmann, more and more insurance companies are discovering cyber insurance sales as a new field for the future. What should such insurance provide?
Marcus Beckmann:
Companies are exposed to numerous risks in the online and IT area. Cyber insurance can help mitigate this. It must cover the problem areas relevant to the company under acceptable conditions. One problem is the continuing rapid pace of technical progress and the constant emergence of new cyber risks. This dynamic must be reflected by the insurance company so that the insurance coverage is not partially obsolete when the contract is concluded.

What exactly can cyber insurance cover?
Almost everything can be guaranteed. These include, for example, damage to IT infrastructure caused by malware, DDoS attacks, ransomware attacks, phishing and identity theft, or loss of revenue due to server downtime. The higher the risk, the more expensive the insurance. In this sense, companies should weigh which risks are insured at what cost.


Marcus Beckmann, attorney for Beckmann and Norda Rechtsanwälte

Cyber attacks are a difficult and complex topic. When does cyber insurance come into effect?
As always, it depends on the specific contract. Insurance conditions can be very different. Which risks are covered by insurance and to what extent and under what conditions should therefore be negotiated with the insurance company as far as possible and then agreed upon accordingly.

Train employees accordingly

Often it is your own employees who cause considerable damage through carelessness…
Employee mistakes are also regularly covered. For the insured, this is often accompanied by the obligation that employees are sufficiently trained. In this respect, the insurance conditions often contain corresponding regulations.

With ransomware attacks, for example, you can quickly end up with millions of dollars in damage. A corresponding policy is probably quite expensive, isn’t it? What should you pay attention to when contracting in terms of liability limits?
This also depends on the contract in each individual case. There, the limits of liability are regulated, which may vary depending on the insured risk. Quantity is a matter of price. It is important to consider what is economic for a company.

Probably nothing is worse than an insurance policy that doesn’t pay out if the worst happens. Are there minimum criteria that a company must meet in terms of computer security for the insurer to intervene in the event of a claim?
The insurance contract regularly contains extensive regulations on what security-related measures must be taken for the insurance cover to take effect. These must be carefully checked, adhered to and documented. Otherwise, the insurance company may refuse to pay in case of damage.

Many insured companies are not fully aware of the criteria they must meet for insurance coverage to take effect.

“Don’t hide behind third-party companies”

IT and security are often outsourced. As a company, I no longer have any direct influence on this. Is this a problem?
A company cannot hide behind third party companies. The insurance contract regulates whether and in which security-relevant areas third-party companies can be used. The insurance contract may stipulate that third-party companies must meet special criteria. In this sense, appropriate agreements must be concluded with the third-party company that guarantee compliance with the criteria related to security.

Are there other factors a business should consider before buying cyber insurance?
Cyber insurance can never replace an adequate security concept and strict compliance with computer security in the company, but only reduces the economic damage in the worst case. It’s wise to first take stock of your own IT security and company-specific risks. Various offers, tailored as far as possible, should then be obtained from the insurers and the conditions should be compared as accurately as possible.

