The pandemic is acting as a catalyst for digitization. Almost every company had to find a solution quickly last year and take the step into digitization. The fact that many are now increasingly concerned about their data security is a logical and important consequence of the hasty switch to digital: How can you now protect yourself against risks and attacks? For this reason, cyber security insurance policies are increasingly being offered in a variety of forms and scopes. We asked the independent experts at VZ Versicherungen for a general overview, tips and assessments of cyber security insurance services.
Experiences and assessments of VZ on the subject of cyber security insurance
Since 2018, cyberattacks have ranked among the top 5 risks worldwide for insurance companies, alongside terrorist attacks, natural disasters and the consequences of man-made climate change. According to VZ experts, the pandemic’s impact on the insurance industry amounts to US$107 billion to date. VZ reports that the majority of claims are caused by cyber extortion or the introduction of malware into company-wide IT systems. Attacks by cyber pirates have increased significantly, especially in the pandemic year, due to the increase in working from home.
Allianz’s tenth survey of the most important corporate risks among 2,700 risk managers in more than 100 countries. Below are the results for Switzerland.
Cyber liability – What can be covered?
Insurance companies around the world are responding to the increasing claims with a new line of insurance, cyber insurance with so-called cyber liability: “This should actually be part of the standard coverage of companies today, but it is not yet really established in the Swiss insurance market,” judge the experts at VZ.
Third-party damage – Most important coverage components of a cyber security insurance:
- Liability for customer data
- Liability as information owner
- E-payment / contractual penalties (PCI DSS)
- Liability as network operator
Self-damage – Most important coverage components of a cyber security insurance:
- Investigation costs (including forensic) of data breach
- Legal advice
- Costs due to data corruption
- Data loss costs
- Costs to notify customers / third parties
- Costs due to loss of reputation
- Official measures (e.g., fines)
Cyber theft / fraud or social engineering
- Loss of monetary assets
- Costs due to extortion
What is there to consider? Tips and food for thought for risk assessment
Most likely you will now ask yourself: Does my company absolutely need cyber insurance? The answer from the VZ experts is: “Yes, BUT…”, because you should definitely consider the following points beforehand:
- What cyber risks does my business face?
- What are my “crown jewels” that I want to protect?
- Do I manage data that is worth protecting?
- Is my business dependent on IT systems?
- Are there any business-critical processes?
- How long would a business interruption last? Can I cope with it financially?
We at Dinotronic will be happy to help you answer these questions and assess your risk. According to VZ experts, a quarter of Swiss SMEs have already been the victim of a serious cyber-attack. However, a study by gfs-zürich shows: “Preventive measures are taken too rarely.”
This is exactly where we come in: As a managed service provider, we do everything we can to prevent such incidents from happening (through services tailored to your needs and 24/7 monitoring of your systems). With our Cyber Security Risk Assessment, you can find out today where your company stands in terms of cyber security and determine what data is worth protecting and whether existing processes are aligned with your business.
Conclusion: Prevention is better than cure, and pay attention when taking out the policy
Insurance provides security. But it only takes effect when harm is done. Wouldn’t it make more sense to act before the damage occurs? Therefore, do not neglect preventive measures under any circumstances. As an SME, you can have some cyber security incidents insured with cyber security insurance. However, when taking out insurance, you must make sure that the insurer is really liable:
- Are ransoms paid in the event of blackmail?
- Is cyber theft / social engineering (human hacking) also insured?
- How long is the waiting period in the event of a business interruption (12 h / 24 h)?
- How long is payment made in the event of a business interruption (180 / 360 days)?
- Are business interruptions caused by negligent employees also insured (e.g., wrong patch)?
- Does the insurance cover apply worldwide?
- Which obligations regarding IT security do I have to fulfill?
- In principle, home office is always covered. Nevertheless, read the fine print!
Special attention must also be paid to damage that money cannot compensate, such as damage to reputation and the loss of customers’ trust. The corporate culture and the trust of employees also often suffer greatly after a successful cyber-attack.