Commercial and private cyber insurance policies are increasingly in demand in view of the growing threat of cybercrime. But for sustainable protection, an insurance policy alone is not enough. The additional benefits of a cyber policy matter: good emergency management or effective employee awareness training can make all the difference.
More than 75 percent of German companies have already fallen victim to cybercrime. This is confirmed by recent surveys. The cost of damages incurred in the course of a cyber attack amounted to 87.7 million euros in Germany alone in 2019. Above all, data losses, business interruptions or the claims for damages due to third-party liability claims cause major damage that can quickly threaten a company’s existence. Cyber insurance can help here.
Cyber insurance in practice
While many companies were still quite skeptical about cyber insurance in 2018, cyber policies are now in active demand. Interest in cyber insurance is growing across all industries – but not among all companies. In many cases, there is still a clear need to catch up. This can quickly become threatening, because hackers have long since ceased to focus solely on large, international corporations. They are also constantly changing their attack patterns and taking an adaptive and uncompromising approach.
“From our point of view, you can’t say that a company fits more or less into the hackers’ grid. It doesn’t matter if it’s a small business with ten employees, a medium-sized company or an internationally active corporation: they can all fall victim to a cyberattack.”
Miroslav Mitrovic, Head of Sales DACH at Perseus
Cyber insurance for the self-employed, microenterprises and small businesses
According to a Forsa survey conducted on behalf of the German Insurance Association (GDV), micro-enterprises in particular (up to nine employees) are not yet convinced of the benefits of cyber insurance. In some cases, entrepreneurs have even deliberately decided against cyber insurance.
The situation is different for small companies. Almost 70 percent are aware of cyber insurance and 35 percent have taken out or plan to take out cyber insurance. Looking at the current development of cyberattacks, this is still clearly too few. In 2019, 79 percent of companies with 10-99 employees were affected by data loss, espionage or sabotage. In 2015, the figure here was still 47 percent.
Cyber insurance for German SMEs
The situation is similar for German SMEs, the backbone of the German economy. Here, too, the concept of cyber insurance is familiar to most (over 75 percent). Nearly one in two companies say they have a cyber policy or are planning to take out cyber insurance. Unfortunately, there is still a dangerous misconception, especially among smaller mid-sized companies, that they don’t fit the cybercriminal mold. Above all, the arguments that one’s own company is too small and that company data and information are not interesting for hackers prevent many companies from actively investing in cyber security. Yet the damage here is also serious should a successful cyberattack occur. On average, companies are faced with a business interruption of several days.
“You can see that small and medium-sized companies are definitely targeted by hackers. The effects of a cyber attack can be fatal for these companies in particular, because they often lack the know-how and resources to establish a sustainable cybersecurity culture.”
Cyber insurance for large corporations
Many corporations and large enterprises are already pursuing a holistic cybersecurity strategy and investing high resources in defending against cyber threats. But even here, the risks of cyberattacks are great. Increasingly complex software, new types of viruses every day, non-transparent supply chains or the numerous daily updates also pose challenges for large companies. In these cases, too, there is no such thing as one hundred percent security. The known residual risk is covered by a cyber policy.
The additional benefits of cyber insurance
But a cyber insurance policy is not enough. Only the additional services of such an insurance offer a long-term and sustainable protection against the threats from the Internet. This is because they make it possible to develop cyber security concepts that precisely meet the needs and requirements of corporate customers. These include, for example, a detailed security analysis, comprehensive emergency management or even comprehensive employee awareness training. The latter, in particular, is becoming increasingly important.
People are the number one gateway for cyber attacks. In 90 percent of cases, ill-considered clicks on links or attachments in e-mails enable hackers to gain unauthorized access to operating systems, networks or company data. To prevent cyberattacks, employees must be made aware of risks and threats. Only the interaction of such additional services with the actual cyber insurance allows companies to protect themselves against cyber risks, ward off cyber attacks and ultimately minimize financial damage and data loss.